| draft-carter-high-assurance-dids-with-dns-00.txt | draft-carter-high-assurance-dids-with-dns-01.txt | |||
|---|---|---|---|---|
| Network Working Group J. Carter | Network Working Group J. Carter | |||
| Internet-Draft J. Latour | Internet-Draft J. Latour | |||
| Intended status: Informational CIRA | Intended status: Informational CIRA | |||
| Expires: 22 September 2024 M. Glaude | Expires: 23 September 2024 M. Glaude | |||
| NorthernBlock | NorthernBlock | |||
| T. Bouma | T. Bouma | |||
| Digital Governance Council | Digital Governance Council | |||
| 21 March 2024 | 22 March 2024 | |||
| High Assurance DIDs with DNS | High Assurance DIDs with DNS | |||
| draft-carter-high-assurance-dids-with-dns-00 | draft-carter-high-assurance-dids-with-dns-01 | |||
| Abstract | Abstract | |||
| This document outlines a method for improving the authenticity, | This document outlines a method for improving the authenticity, | |||
| discoverability, and portability of Decentralized Identifiers (DIDs) | discoverability, and portability of Decentralized Identifiers (DIDs) | |||
| by utilizing the current DNS infrastructure and its technologies. | by utilizing the current DNS infrastructure and its technologies. | |||
| This method offers a straightforward procedure for a verifier to | This method offers a straightforward procedure for a verifier to | |||
| cryptographically cross-validate a DID using data stored in the DNS, | cryptographically cross-validate a DID using data stored in the DNS, | |||
| separate from the DID document. | separate from the DID document. | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 22 September 2024. | This Internet-Draft will expire on 23 September 2024. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 4, line 18 ¶ | skipping to change at page 4, line 18 ¶ | |||
| assurance when proving your identity or age, replicating important | assurance when proving your identity or age, replicating important | |||
| information about a DID into a different domain (like the DNS) | information about a DID into a different domain (like the DNS) | |||
| enables a similar form of cross validation. This enhances the | enables a similar form of cross validation. This enhances the | |||
| initial trust establishment between the user and the DID document, as | initial trust establishment between the user and the DID document, as | |||
| the key information can be compared and verified across two | the key information can be compared and verified across two | |||
| segregated sets of infrastructure. This also acts as a form of | segregated sets of infrastructure. This also acts as a form of | |||
| ownership verification in a similar way to 2FA, as the implementer | ownership verification in a similar way to 2FA, as the implementer | |||
| must have control over both the DNS zone and the DID document to | must have control over both the DNS zone and the DID document to | |||
| properly duplicate the relevant information. | properly duplicate the relevant information. | |||
| +----------------+ +----------------+ | | | | | DNS Server | | Web | +----------------+ +----------------+ | |||
| Server | | | | | | +-------+ | | +-------+ | | | DID |<---+-----+-->| | | | | | | |||
| DID | | | +-------+ | | +-------+ | | +-------+ | | +-------+ | | | | | DNS Server | | Web Server | | |||
| PKI |<---+-----+-->| PKI | | | +-------+ | | +-------+ | | | | | | | | | | | |||
| +----------------+ +----------------+ | | +-------+ | | +-------+ | | |||
| | | DID |<---+-----+-->| DID | | | ||||
| | +-------+ | | +-------+ | | ||||
| | +-------+ | | +-------+ | | ||||
| | | PKI |<---+-----+-->| PKI | | | ||||
| | +-------+ | | +-------+ | | ||||
| | | | | | ||||
| +----------------+ +----------------+ | ||||
| The diagram above illustrates how a web server storing the DID | The diagram above illustrates how a web server storing the DID | |||
| document, and the DNS server storing the URI and TLSA records shares | document, and the DNS server storing the URI and TLSA records shares | |||
| and links the key information about the DID accross to independant | and links the key information about the DID accross to independant | |||
| sets of infrastructure. | sets of infrastructure. | |||
| 3.1. Specifically for did:web | 3.1. Specifically for did:web | |||
| With did:web, there’s an inherent link between the DNS needed to | With did:web, there’s an inherent link between the DNS needed to | |||
| resolve the associated DID document and the domain where the relevant | resolve the associated DID document and the domain where the relevant | |||
| End of changes. 5 change blocks. | ||||
| 9 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||