ucanto icon indicating copy to clipboard operation
ucanto copied to clipboard
verified publisher icon web3-storage

Support for did:mailto

Open Gozala opened this issue 3 years ago • 1 comments

General idea is to include did:mailto -> did:key mapping inside a UCAN itself (either in fct or prf) so that received invocations may be verified.

In the initial version we'd want to embed delegation from trusted authority like service itself that authorizes did:key to represent specific did:mailto. In the future version we'd want to embed DKIM header into fct instead to remove need for trusted authority.

Gozala avatar Nov 29 '22 08:11 Gozala

Just thinking out loud here

  1. If we want stateless UCAN verification, state must be captured inside a UCAN itself.
  2. We can capture did:mailto -> did:key state inside the UCAN to make it work.
  3. State MUST be passed into principal parser to perform resolution (so current API needs to account for it).
    • However some of this is entangled with side-loading of the UCANs which is right now domain of validator
  4. Permanent did:other -> did:key is no good as it can't be revoked
    • Instead we need that mapping to be a UCAN so it has expiry & can be revoked
    • Checking for revocations is another thing that is part of validator and does not belong in principal domain, but we're tangling them now
      • Perhaps we need whole another layer to do all of the resolution before creating non did:key principals.

Gozala avatar Nov 29 '22 19:11 Gozala