Two useful possibilities leveraging GitHub

[ChristopherA]

Though this spec is focused in git, not GitHub, there are three features of github that may be very useful.

The first is that all GitHub users who have registered GPG keys for file signing, you can access their public key by just appending .gpg to their user name, such as https://github.com/ChristopherA.gpg — this makes GitHub alternative source for keys rather than the problematic key servers.

The 2nd is that gists are actually small git repos, so you add additional files and can sign commits with GPG. You can check it out with git clone [email protected]:855bf8e4774375613c6b2e1226501ba6.git

The third, as you'll note above, any user gist, such as https://gist.github.com/ChristopherA/855bf8e4774375613c6b2e1226501ba6 can also be accessed without the user name at https://gist.github.com/855bf8e4774375613c6b2e1226501ba6 which is short enough to fit in an BTCR OP_RETURN.

All of this may make gists a useful place to store a DID or VCs.

-- Christopher Allen

cc: @rxgrant @kimdhamilton @joeandrieu

[OR13]

Awesome, i didn't know about the gpg extension...

In the earliest version of GitHub DID we based the DID off the repo name, and also supported storing VCs on github... I'd be interested in adding something like that back for repos and gists at some point in the future, particularly to help make OCAP / ZCAPs easier to understand.

[OR13]

We could add a step to the GitHub DID resolver that makes sure that a GitHub DID also has a registered GPG key...

As you mentioned: https://github.com/OR13.gpg

This would prevent a GitHub DID from returning a DID Document that did not contain a registered GPG key, but it would make creating GitHub DIDs a much more complicated process.

IMO such an integration would not be worth the effort, since the main objective is to make it easy to create DIDs...

There is also: https://github.com/dhuseby/did-git-spec

I think I need to actually write a proper spec for GitHub DID soon.