10D/ Fantastic DIDComm Protocols, and How to Write Them

From IIW

Fantastic DIDComm Protocols and How to Write Them

Wednesday 10D

Convener: Sam Curren

Notes-taker(s):  Sam Curren

Tags for the session - technology discussed/ideas considered:

DIDComm, Protocols

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps

Session Slides: https://hackmd.io/rwOOObn4RzaITcC217lGpw

(more links in slides)


  • Sandboxing? (see links)

  • DIDComm protocols <> Aries RFC relationship?

    • From TimoGlastra to Everyone: So all Aries protocols are DIDComm protocols, but not all DIDComm protocols are Aries protocols, if that makes sense; DIDComm is extracted from Aries in V2. You can use DIDComm without Aries, but can't use Aries without DIDComm. Aries is focused on creating, transmitting and storing verifiable digital credentials, while the application of DIDComm is much broader.

  • Alex from Spherity: Final version when? Feature freeze? How/when to buidl?

  • Geo Fletcher: “v2 is almost done but v3 is already starting” sounds really scary; this sends up red flags about timeline and life expectancy

  • Vic C: does an ecosystem sprout from this? An app store?

    • Sam: I can see lots of systems (and the web) integrating this as a protocol (the way everything does email), or bootstrapping it

    • Sam: This would’ve been easier to build as a product/platform, but building it as a protocol strives for the goal of being like email

    • Vic: How could people “invest” in the protocol beyond just donating code/review/etc? Is a “token” out of the question?

    • Sam: I’m nervous about binding the DIDComm protocols to a long-term risk; a token could crash, be a net negative, etc.

      • Protocols could go this route, but not the DIDComm framework around it; protocols could be proprietary, support a tokenized network, etc

    • David: Why did SMIME fail?

      • [from chat, Sebastian]: SMIME certs cost money -- Let’s Encrypt for DMIME is missing

      • Sam: I mean, DIDs and DIDComm are, debatably, PGP with more steps!

      • [from chat, Bart]: PGP failed because it was too technical, I worry DIDComm could too… or put differently: people use apps/services, not technology/protocols

      • Sam: I can’t really answer this…

      • [Natgeo]: Especially in light of our tendency for creating so many “V1 layer” alternatives —> if you have more than one key server (or key ledger/chain/etc) you ain’t got any. Key management philosophy matters, and we still have a lot of work to do there

      • Sam: I tried doing TLS with DIDDoc keys, which is allowed by the DID spec… but `OpenSSL` and all the commodity TLS tooling assumes lots of things, and would have to be reimplemented all the way down…

        • Particularly for mobile-friendliness and async routing :/

Links from the Zoom Chat:

  • Sandboxing? Anything like the eth community’s Ganache?

    • Sam C: Aries toolbox is a little out of date (cert issue), but it works!

    • (from audience) Don’t know if this helps, but we release a TypeScript open sourced npm package based on Aries Cloud Agent Python which tends to track DIDComm developments