12D/ Rebooting did:ethr / Philipp B., Lauritz L., Dennis V.
Session 12D
Rebooting did:ethr
Session Convener: Lauritz Leifermann, Dennis von der Bey, Philipp Bolte
Notes-taker(s): Philipp Bolte, Italo Borssatto
Tags / links to resources / technology discussed, related to this session:
did method, ethereum, did:ethr, rebooting
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Original notes: https://hackmd.io/x15fSXiqQESsI9cZxCuKtQ
Current problems:
- Diverging smart contract versions
- Smart contract development and deployment life cycle
- No upgradability (migration is hard)
- Replay attack vulnerability (no nonce tracking on addDelegateSigned)
- Non-standard meta txn hashing (no usage of EIP-712)
- Unused delegate mapping
- Specification governance
- Missing assertionMethod for resolvers
- Hard link between controller key material and assertion method
- No audit
- Not maintained
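
The replay problem listed above (a signed addDelegate message with no nonce tracking), shown as an added example that is not from the session notes or the did:ethr contract. It is a Python model in which HMAC stands in for the owner's ECDSA signature, and `Registry`, `REGISTRY_ID`, `OWNER_KEY` and the identity and delegate values are hypothetical, constructed names. The same signed bytes are accepted again after a revocation when no nonce is consumed, and rejected when the nonce is part of the signed digest.

```python
import hashlib
import hmac

# Constructed sample values; none come from a deployed did:ethr registry.
REGISTRY_ID = b"chain:1/registry:0xEXAMPLE"  # stands in for chainId + contract address
OWNER_KEY = b"constructed-owner-secret"      # stands in for the identity owner's key
IDENTITY, DELEGATE, VALIDITY = "did:ethr:0xabc", "0xdelegate", 86400

def digest(identity, nonce, delegate, validity):
    """Hash of the signed message, bound to registry, identity and nonce."""
    fields = [REGISTRY_ID, identity.encode(), str(nonce).encode(),
              b"addDelegate", delegate.encode(), str(validity).encode()]
    # Length-prefix each field so adjacent fields cannot run into each other.
    return hashlib.sha256(b"".join(len(f).to_bytes(4, "big") + f for f in fields)).digest()

def sign(key, identity, nonce, delegate, validity):
    # HMAC is a stand-in for the ECDSA signature a contract checks with ecrecover.
    return hmac.new(key, digest(identity, nonce, delegate, validity), hashlib.sha256).digest()

class Registry:
    def __init__(self, track_nonce):
        self.track_nonce = track_nonce
        self.nonce = {}      # identity -> next expected nonce
        self.delegates = {}  # identity -> set of delegates

    def add_delegate_signed(self, identity, delegate, validity, sig):
        # Without tracking, every message is checked against nonce 0 forever.
        n = self.nonce.get(identity, 0) if self.track_nonce else 0
        expected = sign(OWNER_KEY, identity, n, delegate, validity)
        if not hmac.compare_digest(sig, expected):
            return False
        if self.track_nonce:
            self.nonce[identity] = n + 1  # consume the nonce: this signature is spent
        self.delegates.setdefault(identity, set()).add(delegate)
        return True

    def revoke_delegate(self, identity, delegate):
        self.delegates.get(identity, set()).discard(delegate)

def replay_after_revoke(track_nonce):
    """Submit one signed add, revoke, resubmit the same bytes; report what happened."""
    reg = Registry(track_nonce)
    sig = sign(OWNER_KEY, IDENTITY, 0, DELEGATE, VALIDITY)
    first = reg.add_delegate_signed(IDENTITY, DELEGATE, VALIDITY, sig)
    reg.revoke_delegate(IDENTITY, DELEGATE)
    second = reg.add_delegate_signed(IDENTITY, DELEGATE, VALIDITY, sig)
    return first, second, reg.delegates[IDENTITY]
```

`replay_after_revoke(False)` ends with the revoked delegate back in place; `replay_after_revoke(True)` refuses the second submission and leaves the delegate set empty.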
- Going through the problems:
- Since the deployment of did:ethr, the DID Core spec has changed → is the current version of did:ethr following the spec? → we don’t know but probably not
- We need to find a funding model for how to include the community + a governance model around it
- did:pkh is competition we have to compete with → even though it’s not spec compliant (no support for service endpoints, key rotation, …)
- Should we do a working group and talk to the Ethereum Foundation? → Might be helpful because another company has indicated interest in supporting changing did:ethr
- On-chain upgradability brings security risks
- Ideas:
- Maybe we should rename did:ethr → did:eth
- did:ens and did:ethr could be the same thing in the future
- Governance:
- Two aspects: who controls the spec and the contract
- We don’t need/ want tokens
- Funding: Maybe proposal to ENS foundation/ Ethereum foundation → also a big marketing tool
- Maybe put the code into a DIF working group for distributing governance → maybe it’s too big?
- DID DAO could be a central place for multiple smart contracts containing different SSI tools (revocation, did management, …)
- We don’t need a DAO on day 1
- If governance fails, trust in the DID registry fails → maybe don’t rely on one smart contract → there is an EIP that allows subscriptions between different smart contracts
- ethr-did-dao channel in Veramo discord is a good place for discussion on that
- The updated version has to be cheap/ not pricey to use
- We could benefit from a Sidetree option?
- Maybe usage of Anychain → cheap option that can turn into an optimistic rollup
- Ethereum DID WG
- Schedule a call where we all attend every 2 weeks, Thursday 12pm ET/ 6pm CET → we may rotate the time
- Done by the Veramo team in their Discord ( https://discord.com/channels/878293684620234752/917857852440330360 )
- Meetings should be recorded and put into
Attendees for Ethereum DID WG:
Hersh Patel - hersh.patel@trinsic.id
Ajay Jadhav - ajay@ayanworks.com
Philipp Bolte - philipp@bolte.id
Dennis von der Bey - dennis@vonderbey.eu
Lauritz Leifermann - laudileif@gmail.com
Otto Mora - omora@polygon.technology
Dale Olds - olds@vmware.com
Stephan Baur - stephan.x.baur@kp.org
Doug King - dwking@gmail.com
Keith Kowal - keith.kowal@swirldslabs.com
Italo Borssatto - italo.borssatto@mesh.xyz
Reinard Lazuardi Kuwandy - reinard.l.kuwandy@gdplabs.id
Nick Reynolds - nick.reynolds@mesh.xyz
Haydar Majeed - haydar@privatyze.io