-
Notifications
You must be signed in to change notification settings - Fork 3
Making DAPs more Decentralized #44
Comments
Lots of food for thought there, thanks for raising this @decentralgabe . When implementing DAPs for our hack week, having the resolution of a DAP be bound to a It occurred to me today that a DAP is currently defined as I think what we really want is the DAP to be defined as I think this relates directly to your point 4, so for me this seems like the key. I don't have much experience in this area at all, so this strikes me as a pretty difficult problem.
I started searching for more information on this problem, and I also came across
|
I appreciate the thoughtful reply @aparkersquare. I don't have enough time right now to address all of your points, but I do want to respond to...
google has an interesting project that I've wanted to make use of for a while that could help us address this -- https://github.com/google/trillian the project is part of a larger concept (Certificate Transpraency - website is pretty good)
the best we can do would be a federation, which is better than someone trying to create a new unique name-spacing system (which works as long as you use their system, of course). federations are fine because the decentralized options I've seen aren't really decentralized at all. |
I want to start by saying I'm a supporter of DAPs. Naming has been a problem in the payments, crypto, and decentralized identity community for a while. For DAPs to succeed, and differentiate themselves from prior solutions, they need to be decentralized--this isn't controversial since it's in the name. I believe that DAPs don't live up to their name today. This is OK, it's early days 😄.
That said -- with this issue I aim to outline a number of issues and corresponding recommendations to align the DAP spec more closely with principles of decentralization, making it more resilient, and secure. This list is not exhaustive, but it should be a good starting place for analyzing the decentralizedness of DAPs.
In no particular order of importance...
1. Multi-Registry Redundancy
The current single-registry model introduces a central point of failure, and centralization risk--decentralization is a measure of how many people can tell you "no." With the current design that answer is "one organization."
Recommendation:
Register DAPs across multiple redundant registries from different providers. For example,
@name/test.app
could be replicated across@name/terst.app
,@name/toost.app
with consistent values.Considerations:
Multi-registry redundancy provides resilience against failures or censorship risk, reduces lock-in, and improves portability. DAPs without redundancy cannot be considered decentralized.
2. Decentralized Root Registry
There's a need for a robust, decentralized registry mechanism that doesn't rely solely on centralized systems like businesses (Cash App) or domain registrars (DNS).
Recommendation:
Implement a decentralized "root" registry using one of the following approaches:
The root registry would serve as the authoritative source for a user's identity, with other registries acting as pointers or replicas. A decentralized root registry = an authoritative source of truth without relying solely on centralized providers.
3. Single DAP as the Default Model
The current design may lead to users having multiple DAPs when interacting with different providers, potentially causing fragmentation and undermine the purpose of a unified, self-sovereign identity that's human-friendly (see #39).
Recommendation:
Promote a model where users maintain a single primary DAP that points to multiple payment addresses. While supporting multiple DAPs for specific use cases (privacy, personas), the default should be "one true identity" for payments.
A single, primary DAP per user simplifies the user experience, strengthens the concept of a unified digital identity for payments, and aligns with SSI principles. Users can maintain a consistent identity across multiple services without the need for multiple DAPs == a selling point.
4. DNS Agnosticism
The
@local-handle/domain
structure implies a reliance on traditional DNS, introducing centralization risks. DNS-based systems are vulnerable to control and censorship issues.Recommendation:
Make the DAP system completely agnostic to DNS, capable of accommodating multiple name resolution systems such as GNS, ENS, Handshake, or others. Providing a base level of decentralization is important.
The 'default' can still be DNS based, and coupled with the other aforementioned proposals, is less of an issue. For those wishing to avoid replication, they can go direct to an avenue they already view as sufficient for their needs (like existing ENS or UMA).
5. Integrity Protection for DAP Records
Relying on any single provider for hosting the DAP introduces risks of tampering or malicious redirection. Current DID signatures alone are not sufficient to guarantee that the DAP has not been tampered with.
Recommendation:
Implement robust integrity protection mechanisms:
Strong integrity protection ensures that DAP records remain tamper-evident and verifiable, crucial for maintaining trust in the system.
6. Decentralized DID Methods
The use of
did:web
introduces unnecessary centralization and vulnerability to domain control or censorship (there are a ton of articles and real-world examples about the risks of relying solely on domain names, if you need sources let me know).Recommendation:
Prioritize more decentralized DID methods such as
did:dht
,did:jwk
, or even an enhanceddid:web
-type method likedid:tdw
. Add explicit language about choice/tradeoffs in DID method.Using decentralized DID methods reduces dependencies on centralized infrastructure and aligns better with the overall goals of a decentralized system. Having multiple centralization points introduces signifacntly more room for failure (a central registry on top of a
did:web
, for example).7. Data Authentication in Services
Data pointed to by a DAP must be authenticated to prevent tampering and malicious modifications.
Recommendation:
Implement auth and verification mechanisms for all data within the DAP ecosystem:
Verifiability as a base construct can ensure that data stored in services remains tamper-evident and trusted.
8. Simplify Data Representation
The use of JSON Canonicalization Scheme (JCS) adds unnecessary complexity and can lead to security issues.
Canonicalization introduces unnecessary complexity, risks, and performance hits. Deterministic encoding methods like CBOR offer simpler, more secure/efficient solutions for ensuring data consistency without transformations.
When we don't require full serialization, simpler approaches like predefined sorting rules or hash-then-sign methods can achieve necessary consistency without canonicalization's drawbacks.
Replace JCS with simpler and more efficient solutions:
Final Thoughts
Looking forward to discussing and hearing what you think 😄 .
The text was updated successfully, but these errors were encountered: