A Pace Apart (did:snail)

April 01, 2022 00:59:05
A Pace Apart (did:snail)
The Rubric
A Pace Apart (did:snail)

Apr 01 2022 | 00:59:05

/

Show Notes

did:snail is hands-down the most innovative DID method we know of. It connects the world’s most modern identification architecture with the oldest, most widely adopted long distance communications channel known to man, the international postal system. Join us for a talk with Amy Guy, did:snail creator, and  Dmitri Zagidulin, a co-author of the did:snail specification,...
View Full Transcript

Episode Transcript

Speaker 1 00:00:08 Welcome to the rubric. I'm your host, Joe Andrew Speaker 2 00:00:11 I'm Erica Connell, Speaker 3 00:00:13 And I'm Eric shoe Speaker 4 00:00:15 Deeply believe in backwards compatibility Speaker 2 00:00:19 Today on the rubric we talk with Amy Guy did snail creator and Dimitri Zagat Doolin, a coauthor of the dead snail specification to learn about this amazing did method Speaker 1 00:00:30 On the rubric. We meet the people, making decentralized identity a reality. We discussed the technologies and motivations behind decentralized identifiers, which encompass DIDs did documents and did methods. So you can make better decisions about which did method is appropriate for your use. Speaker 2 00:00:46 Decentralized identifiers enable robust identity-based services without dependence on a trusted third party. Instead of being forced to use centralized identity verification services like Facebook, Google, or the department of motor vehicles does, can be created by anyone anywhere and be used for any purpose. Speaker 3 00:01:06 Did methods are the magic ingredient that give ditch their flexibility before creating any specific? Did you first choose a DIT method, which determines how you perform the create read, update and deactivate operations on DIDs of that method once created each did includes the name of its method in the identifier itself, so that when you use the, did others know how to retrieve the associated document that contains the cryptographic materials for secure interactions, different did methods use different underlying mechanisms with different performance security and privacy? Trade-offs Speaker 1 00:01:36 This show, the rubric reviews different did methods with their creators and implementers. So you can make better decisions about when and how to use DIDs in your applications. Speaker 2 00:01:47 Amy Guy known as Viro lives by the sea and spends as much time as possible foraging mushrooms picking up litter from the beach and volunteering in the local community kitchen. Besides that Amy is a member of the open data services, cooperative, building tooling and standards to support open data for public good and also serves on the W3C technical architecture group. They have been working on decentralization related web standards with digital Bazaar and previously have been a team contact for the W3C and investigative data engineer for OCC RP, and a software developer or similar for various companies, large and small, including Google and the BBC. Amy has a PhD in informatics from the university of Edinburgh, Speaker 3 00:02:35 Dmitri Zika, Doolin as a software engineer in decentralized systems, focused on identity and authentication. He's the co-chair of both the VC EDU and the secure data storage task forces, as well as technical lead on both the true age wallet and the digital credential consortium's learner credential wallet. Currently he is working on applying the technology of DITs and VCs to the wild west of the virtual and augmented reality landscape. Speaker 1 00:03:01 Welcome to the show. Speaker 5 00:03:03 Happy to be here. Speaker 6 00:03:04 Thanks for having Speaker 1 00:03:06 Did snail is hands down. The most innovative did method. We know of it connects the world's most modern identification architecture, decentralized identifiers with the oldest, most widely adopted long distance communications channel known to man the international post system. Speaker 5 00:03:25 We deeply believe in backwards compatibility. Speaker 1 00:03:28 So let me start with the most basic question. What is did snail, Speaker 6 00:03:34 Joe Erica, Eric, I want you to close your eyes for a moment and imagine yourselves standing in an old bookshop or a library it's completely peaceful. The air is filled with a musty smell pleasant, and I see a breeze trickles in through an open window, bringing with it, the sound of birds chirping, and a distant wave crashing on the shore. You have no way to be. Nobody is demanding your attention. You can sit in a cozy armchair and read or rest as you choose for as long as you like, and you won't be disturbed that is, did snail Speaker 3 00:04:06 Dimitri anything to add? Speaker 5 00:04:08 No, that was perfect. Speaker 1 00:04:10 That is an amazing vision. So how does it work? Speaker 6 00:04:14 Well, I personally dream of a future where I never have to touch a computer game. Um, but I do acknowledge the benefits of them. Uh, for example, staying in touch with my friends all around the world, I'd love a way to become an off-grid Forrest hermit, uh, on escape from the constant flow of overstimulation and inflammation influx that the web brings, but still keep in touch with people who are close to me, but at a more gentle unintentional pace. So, uh, this is what we set out to achieve with this nail. Uh, so it involves breaking out your old school, writing implements paper pens. You might not have used them for a while. You maybe can't even find them. You might have to buy some new ones, uh, or borrow them from someone in the community. Uh, but once you, once you're ready and you have that, you can really get creative with it. Smile. I think it's one of the did methods that enables, uh, more self-expression than most. Um, so, and know if you ever had a pen pal in high school, um, or maybe sent postcards, uh, from, from holidays, it's like that it's a similar experience. Speaker 5 00:05:20 Okay. So if you, if you've looked at the specifications and you wished that I wish my dead method had more eliminated manuscript potential in it, there you go. We've got, we've got the dead dead method for you. So for myself, what I really like about it is it really highlights the universality of computation, right? The, the same sort of thing that touring and Alonzo church and, and so many other philosophers of technology of computer science, uh, have been fascinated by that you can perform computation, you can perform communication on any number of digital machines, but also deeply and fundamentally, uh, at the real world analog level. So though this nail involves, uh, pieces of paper and, uh, traditional postal communication. It is very much a conformance did method. Speaker 2 00:06:22 And the spec, it says, we believe did methods should be inclusive as well as resistant to the inevitable impending robot apocalypse. Why did you create it snail? Speaker 6 00:06:33 Well, between 30 and 40 of the world's population still don't have access to the internet and of those who do many struggle to actually take advantage of it for all kinds of reasons. Uh, so as we raced towards digitizing and networking, everything, this gap only widens, and we run the risk of creating a two tier society of people who can participate fully in society through the internet, and those who are excluded. And this is a tragedy that we need to avoid. Um, and something that I think old technologists have morally bound to consider when designing or dreaming of new systems, Speaker 5 00:07:03 A hundred percent agree with all of that, uh, for myself, I don't, I would also add, I really think it can serve an educational purpose in the sense of users trying to understand what are these DIDs all about? What are the, what are the boundaries? What's, what's the envelope, the flight envelope here, uh, can read our specification and hopefully understand the whole did thing at a slightly more deeper level by connecting to something so very familiar as, um, as male. Speaker 3 00:07:34 Yeah, that's very cool. Would you mind giving us the origin story for did snail? How did you guys get involved with this and what kind of prompted you initially to create this method? Speaker 6 00:07:45 I think I was almost certainly sitting by the sea gazing up into the middle distance, um, with my laptop nearby feeling very resentful about its presence, uh, and not throwing it into the sea, but, you know, the temptation is always there and I thought, okay, just discarding. My laptop is not a solution. There is still in my work for me, but there were other people, you know, who don't have that luxury. And so I wanted to build something that would connect with, for, for all those people who, who wants to throw the laptop in the sea, but it's just not feasible. Um, and then I was lucky that Dimitri was living on the other side of the world. Uh, and so it was a perfect candidate for doing some of the really difficult edge case tests that we needed when we started to implement, uh, do, to testing with the, with the method. Speaker 5 00:08:39 Uh, so when Amy texted me with this idea, I was all in, as we know, one of the hardest problems in computer science is naming things. So when I saw dead snail, it all became clear. I loved it. Speaker 3 00:08:53 So the name roped you right Speaker 5 00:08:55 To the project Speaker 6 00:08:57 And we use the emoji rather than the word stale. Of course, Speaker 1 00:09:00 I understand we're throwing our laptops away and we're relaxing by the sea. And we've maybe have some old school implements of pencil and paper. Can you walk us through how we use this ancient technology to actually perform these, create, read, update, and deactivate operations that are intrinsic to all dead methods? Speaker 6 00:09:21 Well, the first step is to create an identifier. Well, actually there's a caveat. I did say that you can use that snail without touching a computer, but that assumes that there is someone who can either print out right out or read out the spec for you. But that said, if anyone would like to write to me, I can hand write a copy of the spec and post it back. I'd be happy to do that, uh, to avoid the computer in the loop flow that people, uh, the first step is to create an identifier. Does doesn't offer them in the spec that you can follow with some examples it's quite straightforward. You definitely don't need a computer to do it. Uh, what you do need is an address, but you could also use it a PO box or something like that, or an office address. Um, and with that, you can create a document. It can take a bit longer, but it can be really fun and you can get really creative and express yourself. You can write it out on any medium you choose. Like the simplest thing is just to take a pen and paper and write your document that way. But you could cut out letters from a magazine and stick them, or, you know, you could use glitter or a finger paints. Like there are all kinds of options. Uh, Dimitri, do you want to talk about the read operation? Speaker 5 00:10:30 Sure. So, uh, just, just a, a quick comment to add about creating your dead identifier. So if you've got to set the spec, one creates the date identifier by writing out your name and address in reverse specificity order. So obviously you start out with VRF and then your country, your, um, mailing address, and then your name. One of my favorite science fiction series is the culture series by Ian M banks, um, Scott Scottish author, and the way they formed full names in that universe is almost exactly like this. They also added the star system before the planet, but we didn't want to be pretentious where we strongly believe in, um, until our civilization discovers faster than light travel in one star system, um, civilizations. So Speaker 6 00:11:27 That remains an extensibility points for future though. It's definitely not excluded. Speaker 5 00:11:31 Thank you exactly. So be great. You're identified by writing out your address and name, uh, you then compose, he read request message by, and the spec will detail this in a lot more, um, detailed, but you essentially write down, please give me your document. Please send to me your dead documents. You write it out on a, on a piece of paper, you put it in an envelope. Very importantly, you include a stamped self-addressed envelope for the return message and you mail it to the recipient who then writes out in whatever way. Uh, they prefer their dead document, puts it in the return envelope and mails it back to you. So that's the, that's the read operation. Speaker 6 00:12:18 One way to think of it is it's like email, but you may have to go outside for part of it. Speaker 3 00:12:23 There was, uh, one comment in the spec that I believe because most postal services are centralized. You mentioned passing the envelope from person to person until it reaches the destination. I was just curious if either of you ever used this method that you mentioned or, um, had it worked for you, Speaker 6 00:12:42 We call this the six degrees of separation technique. So this is like the, obviously with everything along the centralized to decentralized spectrum, there are trade offs to do with speed and reliability, depending on how centralized or decentralized you want something based at a fully decentralized option as to look at your network at the media context and choose one of them to handle at the two. And that person then hands it onto one of their contacts and in pretty solid scientific theory with less than six hopes, the letter should reach the dressy, but you do need to be strategic about who you hand it to you and we don't advise randomizing it. Uh, it can also be a great way to meet new friends. Speaker 5 00:13:18 This is what I mean about educational. It really does make you think about your social network, about the web of connections that we all have between people. So, as Amy mentioned, the technically we did not test out the peer to peer six degrees of separation method off sending, uh, when drafting the spec in life in general, I've certainly used that method common in, um, any sort of immigrant communities passing back money, objects gifts with people frequently traveling back and forth, uh, to the previous country, especially valid and relevant when there are import export and, uh, other border control situations at play. So the real dropping down on a peer-to-peer Sneakernet style, uh, is definitely a valid approach. Speaker 6 00:14:10 And it's also worth noting that in many countries, there are private Cory's as well as the national place will say this. So they're still centralized, but they provide some alternative options. And if you're feeling really entrepreneurial, you can set up your own. Speaker 2 00:14:22 And so how about the update and deactivate operations? Speaker 6 00:14:27 You have a lot of options here. There's some flexibility in the spec for updating and deactivate, and they can be quite fun. Um, you can involve a paper shredder or set, set something on fire. Uh, you can also just screw up the document and put it in the bin a lot can depend on like the implementers personal circumstances and they don't affect interrupt between implementation. So that's why we have the quite open options in the spec here. A really important part of updating the document is to remember to initial next to the changes in the margin. That's a security feature. Speaker 2 00:14:59 Let's talk about fees. How do you expect the fees to change over time? And are there any ways that you know of to keep costs down like gas or, uh, Bitcoin fees? Can you scale the, did creation to make the DIDs more cost-effective Speaker 5 00:15:16 All right. So how much time do we have volumes can be written on post office fees on the mechanisms behind inflation, as you have a very deliberate and artificial, either changing or freezing of a post office piece. So use your imagination here. Volumes can absolutely be written you're absolutely right. Fees do apply. And again, in, in keeping with our emphasis on education and, uh, conscious deliberation, we want to illustrate that these always apply when you're using other debt methods, such as did key or did web, although they are effectively free to the user, there is still, there's still fees for electricity for powering your screen for, for purchasing the equipment, the awesome worldwide machinery of the internet, all of those things, uh, all those have costs. And here in did snail that cost is very neatly packaged and illustrated by a government post office stamp. So we really like that feature. Speaker 6 00:16:18 There are a few options for kind of hacking the system though. Uh, I'm not saying that we necessarily endorse these, but it's worth acknowledging them. Uh, sometimes stamps can get through on franked by the system. So it's worth saving these up from your mail, and then you can reuse them. You can also try writing the destination address on the back of the envelope, um, mop sent from, and then scroll return to sender on the front. It's not a hundred percent reliable and have like an already stumped on that. But, uh, many postal services will just turn that around or we can also Polish capitalism and established the national postal services. This is a cooperatively run service in the public interest. Speaker 1 00:16:55 One thing that I think makes this snail unique amongst the methods that I have looked at is that the did subject plays an active role in that resolution process. You touched on it earlier, but could you describe what it is that they're doing and what happens if they are not available to do it? Speaker 5 00:17:16 Ah, you mean the, the signature and or a wax seal part? Speaker 1 00:17:22 The way I understand it is you send a piece of mail to the subject and it's the subject then who has the responsibility to respond Speaker 6 00:17:32 The way it works, basically makes each dead subject and implement it, right? So you're very, you know, close and in touch with the whole process as a, that did subject a lot more than you might be with other dead methods. You make the document by hand, uh, you read and write requests and responses directly to other people. You don't actually have to use a pen and paper to write stuff down. You can type things in, print them out. Like many people who are stuck in their ways might prefer to do that. It's an option or a typewriter as well, but this way you aren't relying on anyone else's code for your secure communication. So you can have 100% confidence that if part of the process didn't work, it's entirely your own fault. Speaker 5 00:18:13 That's a really good point about the subjects. Uh, hands-on involvement in this. So much of the conversation in the dead space on the decentralized space revolves around agents revolves around delegation that one of the vows, one of the sacred vows that we have sworn as the dead community is we vowed that the user will never have to deal with DIDs directly, never have to see the long string on a screen. We'll never have to type out the dead. And we offer up dead snail as a sort of an exception that proves the rule. This is one of the very few cases where the subject will actually have to write out the dead will actually have to think about the essential as identifier outside of it's. Isn't a big string that your wallet, your digital agents are dealing with. We of course understand the, uh, real-world power dynamics of, uh, there are such things as secretaries and executive assistants, so that, uh, if your lifestyle involves you never touching, uh, a piece of mail on your own, and then having your secretaries do it, certainly this is compatible with that setup, uh, where you designate, uh, an explicit, uh, human agent to handle it. Speaker 5 00:19:31 But of course, that does seem to be going against the spirit of the spec. Speaker 3 00:19:36 The spec has a lot of language such as may and should in different places when you're describing the credit operation. Every once in a while, there is a must question from reading. It is how critical are the must procedures, for example, under the reap procedure, the spec says you must not write anything mean when you're creating your DIT document. Uh, do you mind just talking a little bit about that Speaker 5 00:20:00 Th this right there, I see this is a sign of a great engineer and an old hand in standards processes when encountering a spec immediately zeroing in on the musts, because you're right in a, in a certain light, the musts are the core, the skeleton of the spec in a lot of, uh, in a lot of groups, the way you generate test suites, very important, uh, piece of technology, incidentally, the way you generate test suites for a spec is you literally print out all the musts and then try testing them in a machine-readable format, which leads us to all sorts of interesting considerations of how do you test in an automated machine readable way that the sender did not write anything mean? We get into all sorts of sentiment analysis and general purpose artificial intelligence here, which we leave as a exercise to the reader. Speaker 6 00:20:52 The, this particular case of this must statement is in there as an ethical consideration. So we recognize that often standards are out in the world and people can purpose them in ways that the original authors didn't intend. Uh, and we would be absolutely distraught at the idea of someone using the snail to send hate mail, for example. So we added this statement so we can denounce implementations that did that as non-conformance, Speaker 2 00:21:15 Well, I'm fascinated by did snail. And I have to say I'm pretty new to the decentralized identity space. And I've read through quite a few did methods, but this is the first spec that I read through that really made a lot of sense to me. And I feel like I may even have inadvertently used Smail before. And that made me curious who who's using. Did snail, how wide is the application today? Speaker 6 00:21:45 Well, we're actually in talks with some UK local authorities who are absolutely incapable of digitizing anything. Um, and don't have the funding to upgrade from their print handwrite, a form, scan it back in system for important communications with the public about for example, planning applications or housing benefits. So there's nothing confirmed yet. And we can't really talk about, uh, exactly who we're discussing it with, but there's definitely things in the works, but also when I'm traveling, I send postcards to my grandma in the UK. So we set up a dead snail identify that, um, my grandma, who was a regular listener of this podcast has had some trouble following the did book, as there's so much to keep up with. And also she has dementia, but she was thrilled, but as it did method that she can use without having to set up any new technology. Speaker 5 00:22:34 One of the things that we intend with this spec is whatever the benevolent version of a Trojan horses, uh, we, we intend to it as a sort of a Vanguard for better tooling, better consumer grade tooling for working with, uh, DIDs and cryptographic material. And I'm very serious about that. So think, think through thinking your mind, the actual steps that you have to take when, when you inevitably receive a postcard or a letter that says, please send me your dead document. This means you have to start thinking about your private keys and whether or not you're going to use a one private key for authentication, uh, signing up credentials, encryption, such as what did key does, or if you're going to follow best practices and actually set up multiple different keys for each one of those purposes, right? You're going to have to generate that key. Speaker 5 00:23:27 You, you're going to have to see, realize, and write it down on the paper. So presumably you have, there's a subtle pressure for more concise, shorter, jeez rights, so that you can write less than use, uh, less ink and less paper. Uh, so there's that subtle pressure towards these ability there, you're going to have to remember that case. You're gonna have to remember, okay. Uh, am I going to make like a, uh, Bitcoin enthusiasm, enthusiastic and set up a cold storage wallet? I'm going to write out my private key and I'm embedded in the family Bible or in, um, an actual, like, uh, iron and tungsten wall safe. Right? So it involves a lot of, uh, technical considerations and we hope to provide the tooling, both the digital and online. So an easy website that says, okay, um, generate a concise key for me that I can use for D uh, did snail. And also the hope is to reach out to the maker community out there. There's absolutely no reason why we have to why, uh, those of us aversed to using computers, to miss out on generating and storing private keys. So this, this is an open challenge to the community out there. I give us analog devices for, um, uh, cryptographic operations for signatures and a key generation, Speaker 6 00:24:47 Or even just pages and pages of tables that you have to cross reference. Like when you do a us tax return, uh, to eventually get the hash at the end of the, Speaker 1 00:24:59 Now I want to turn our conversation to the next phase of our podcast, which is to talk about the people, the people involved who helped make this happen. Obviously we're going to start with the two of you, but also other folks. So how did you personally get involved with DIDs and decentralized technology? Speaker 5 00:25:16 I sort of arrived in the world of decentralized identity, via decentralized databases and personal storage. I was working a previous life for a distributed database company. And given this, this powerful, flexible sort of no SQL engine, I started writing decentralized style apps and quickly ran into a traditional problems of authentication. I wanted to write a grocery list applications or to do applications where I can easily share the app with, with my friends and family. And so the usual pain points of cross domain identifiers of cross domain log-ins cross domain access control popped up. And that's where I started looking for what the state of the art was there. And at the time it was all off to, uh, which, which is both better than nothing, but still very, very limited. I was also looking to switch jobs and I saw this, um, opening at MIT for Tim Berners Lee solid project. Speaker 5 00:26:19 And I thought, this, this is absolutely perfect. This is my dream opportunity on that's. That's how I involve got involved in solid and decentralized personal storage. And Ian crossed a main identifiers web IDs, which in a lot of ways are the spiritual precursor to DIDs. Uh, so some of the leaders in our community like, uh, of Sporney and, um, drum and read we're working with the, the ancestors of the dead did spec, uh, with things like XDI and, and web IDs. So which are like dads, but less tightly defined with slightly older cryptography and, uh, specifically bound to, uh, HTP documents. But anyways, so I got involved with a solid project, um, became a, an engineer for it. And that's actually where I met Amy, uh, at MIT for the solid project. I then moved on to various startups and, um, kept running into Montessori warnings and digital bazaars work. Speaker 5 00:27:21 So for example, they were the implementers of the web ID library, but the solid project was using. And so I kept, um, encountering them both in the libraries and the specs I was using. I met them at various conferences and then, uh, reached out to monitor to see if they were interested in, in, uh, contractors and in collaboration. And they were, and then I started working for digital Bazaar, and that was diving in to the deep end that was diving in head first into this world of DIDs, of verifiable, credentials, of encrypted, decentralized storage, all the things we know and love. Speaker 2 00:28:01 And Amy, how about for you? Speaker 6 00:28:03 My background is in decentralized social web stuff. I was in the social web working group W3C. I was team contact for that group for a while, but I got involved with that because I was working on my PhD at Edinburgh on, I don't even remember what the topic was supposed to be, but instead of that, I was, uh, procrastinating by joining W3C working groups. That sounded interesting. And then I procrastinated so hard with the W3C working group that had to switch my thesis topic to be about the social web instead, because that's all I was working on. And through that, I ended up joining the solid team as well, like to Maitri, um, writing a few specs in that group and seeing that process through. And then I burnt out really hard because I was very emotionally invested in the whole thing. And we had a few challenges didn't we Dimitri in the group. So I left the U S and went to Asia and worked in a cafe in Malaysia for awhile. I did finish writing up my thesis. And then I just took a break from the standards world and W3C, and tried to recover some of my brain that had melted Speaker 5 00:29:15 Standard's word. Speaker 6 00:29:17 It did well. My friend from the social work working group, Christine Webber was working with money and digital bizarre at the time and told me that, uh, this, this did community. Th they're pretty nice. It's not like the social web was it's, it's a nice community. So if you wanted to come back into standards, this is a great, so I took the bait and that's how I ended up here. Speaker 5 00:29:45 And now look at you, uh, working for W3C is a technical architecture group, no less. Speaker 2 00:29:52 What's important about this decentralized identity work to you personally. Like what was the thing that made you go, I want to, I want to do more of this. I wanna create in this world and work with these folks. Speaker 5 00:30:05 I really liked the community. Uh, and I really like some of the projects that the community is working on for myself. It's, um, very much a practical pre pre-requisite to the kind of applications I want to write. I want to write collaborative social applications, the project management, the, uh, household management, uh, grocery lists and recipes and all that stuff. Uh, I want to write a small team collaborations suites, uh, imagine the whole host of, uh, typical software that you have to spin up when you get together with a small team at a hackathon. And it's typically a mish-mash of all right, let's find something for chat. Let's, let's find something for code, uh, source control, like, like gets, uh, documents to collaborate on how are we going to share files all of those things. And at the moment, all those things are disconnected. Uh, many of them are anyways, so Speaker 6 00:31:03 Right. They're either disconnected or completely centralized under one provider. Speaker 5 00:31:08 Exactly, exactly. And even the current level of centralization, you still don't have a single centralized provider that has all of those things. Fortunately, we don't actually want that timeline, but anyways, so I really want the practical prerequisites that decentralized identifiers, uh, enable for easy collaborations, uh, across web domains, across companies, things like onboarding new contractors, uh, for our corporation. Uh, anyway, so you get the idea Speaker 6 00:31:42 For me, it was really a seeing these monopolies of big companies just getting bigger and there just being so few options for how to just live your life and stay connected with people and do things with technology and seeing the way the big companies and trench existing power imbalances in the world and exclude people and bacon biases and target people unfairly and all the injustice that comes from these systems that are just so Paik and so pervasive that people who use them don't even realize what they're using. People don't know they're being surveilled. They don't understand behavioral nudging because of just the videos in their social feed that doesn't even occur to some people what's happening and it's just agonizing to see it every day. And so I'm looking always for alternatives to this, because I want to be able to live my life without a phone. Speaker 6 00:32:45 I don't want to have to provide my phone number to log in to something I just want there to be. So I want a diversity, a landscape that has all possibilities for me to participate so that I can choose what works for me and be really intentional about how I interact with technology and information and not just have it forced on me or, uh, to just not have a choice about it, see the disconnect completely, or throw myself into this ecosystem. There there's so many possibilities in the middle there, and I think it's really important to work to enable this. Speaker 5 00:33:22 Yeah. If I, if I can just add a couple more, a couple more to that. So when I say we want a decentralized social software, let's, let's talk about something that you can create. Let's talk about decentralized Facebook or decentralized Twitter. So Amy and I met, uh, working on such a project working on at the W3C <inaudible> social web working group that did the protocol and data model for how a decentralized Facebook decentralized Twitter will come about. And that's one of the necessary ingredients in order to redo Twitter, you need the data model in the protocol, but you also need an identity and you need access control. And so, hence why Dead's necessary a piece of infrastructure for decentralized Twitter. Speaker 3 00:34:15 So obviously it did snail wasn't, uh, the thought trail to just the two of you. There were other people involved who were the other collaborators on, did snail, who might've had an exceptional influence on a particular design choice or feature that you ended up with. Speaker 6 00:34:30 I think we've chatted about it with various people at rebooting, the web of trust conferences. Um, Yancy ribbons is on there as a coauthor of the spec from some of the early kind of drinks conversations about the work that really we've just been influenced by all of the inspiring people in the rebooting of trust community. And my grandma. Speaker 3 00:34:51 Grandma's important. Speaker 2 00:34:52 We're going to move into the next section of our podcast here and talk a little bit about conflict as you developed. Did snail, were there any particularly difficult technical, political, or other challenges? Speaker 6 00:35:08 Yeah, one of the biggest barriers is the differences and implementations of postal services around the world. So large institutions like this can quickly become wrought with fraud or inefficiencies, and it can be difficult to want to build services around them. For example, the British post office has been involved with a decades long scale and all that ruined the lives of many employees and was naturally caused by can keep the errors on top of that. Some countries have very limited addressing systems. I worked on this a bit when I was in Albania where addresses can be things like the yellow building across the road from hotel, ABC, and people expect to go to a post office to pick up the mail rather than have it delivered to their doors. So I think a really important thing I've learned from this is that to enable people to mint their identifiers in such a way that makes sense in their local context. But we do need to do some work on this for the implementation guide. I think Speaker 5 00:36:00 Absolutely one of the most fascinating topics in the standard space is specifically postal addresses. So you often encounter this, uh, and engineering team gets, gets the assignment code up the data model for postal addresses, right? For, for billing, billing, or mailing addresses, or, uh, perhaps the address section of a user profile. And first of all, you get into all sorts of, um, internationalization, um, issues. If it's a U S team, then there's 95% chance that they immediately just list out the typical address fields that are used by the United States. So you almost inevitably get city and zip code and state to which immediately the follow-up is. Okay. No, we actually also wants to be in Canada and Mexico and in Europe, which means zip doesn't apply. So you have to rename it to postal code. And, uh, some of them don't have states which, uh, you have to, uh, write region or, um, or locality, right? Speaker 5 00:37:03 So you start, you start having that kind of conversation. And so typically the intended audience is international. You end up with this more general purpose, uh, address, but that doesn't get into the kind of things that Amy mentioned, uh, the yellow house across the street from the postal service. And in fact, once you do one work in the standard space, uh, you realize that, uh, even more so than names, postal addresses are, is this, um, kaleidoscope of, of different approaches on, there are such thing as a, um, like a United nations or universal post office standards body. And they do genuinely try to capture how you express addresses for all the countries in the world. And what they end up doing is publishing all of these massive specs, localizing addresses to different, right? So here's a, here's how you do a us address a UK one, a Malaysian, one, et cetera. And then they, they map machine readable translation between all of them. So it's an absolutely fascinating, uh, topic. So that, that definitely was one of the sources of, um, not controversy, but the design challenges that we're facing when doing the snail. Speaker 1 00:38:18 So in the area of authentication, the specification says you should use analog signatures. And I quote, signatures are good enough for the U S banking system. They're good enough for snail mail DIDs. Don't you have some security issues about using analog signatures. Speaker 6 00:38:34 Yes. Signatures can be easily forged. My own father's signature is just a squiggle that is different every time he does it get, they are still in wide use globally. And there is absolutely nothing wrong whatsoever with the U S banking system. So I think it's fine for us to use that as a gold standard, Speaker 3 00:38:51 As a follow-up to that. What would you recommend for those who can't produce an analog signature maybe because they don't know how to write because they grew up in the digital age or their writing skills have atrophied, or maybe they have some sort of disability that prevents them from writing as most of us would Speaker 6 00:39:08 We solve that problem in the same way that the us banking system solves that problem. You can look that up. Speaker 5 00:39:15 In addition, we can get into all sorts of fun topics like, um, heraldry right. We, one of the, one of the methods for authentication that we mentioned in the spec is a wax seals. So you can start getting into a seal rings and, and your purse stamps, and, and heraldry off of how do you create a unique, how do you create an enforce a, a unique graphical, uh, signature, which is really what a, uh, what a wax seal is. Speaker 6 00:39:44 You can also include a Polaroid of yourself with today's newspaper as an alternative to this thing, ninja Speaker 5 00:39:51 Lots of options. Speaker 6 00:39:53 This is material for the implementation guide. Of course. Speaker 2 00:39:56 Yeah. Lots of good solutions there. Can you speak to the Etch-a-Sketch problem? Speaker 6 00:40:01 Absolutely. In early testing, we were looking for letter writing media that would let us make updates without having to throw away the whole did document and writer. And you won, unfortunately at just sketches are just too unstable. We had about a 92% failure rate with them, making it to their destination on shaken, which is not acceptable. We did have better luck with slate, tablets and chalkboards, but the postage costs are very high due to the weight. Speaker 5 00:40:25 And we do care about economic wellbeing of our users. Speaker 1 00:40:28 So I noticed that did snail is not in the W3C. Did spec registry. Speaker 5 00:40:34 It is wait, wait, wait. It is Amy. Did I I'm. Hold on, hold on one second. I, I thought I checked on this one moment. Amy, did we not register it? Speaker 6 00:40:47 It predates the did spec registries. Speaker 5 00:40:50 Ah, Speaker 1 00:40:51 So I had assumed that this was a political slight. So let me ask this question. When can we hope to see this travesty corrected Speaker 6 00:40:59 By the time this podcast, as Speaker 5 00:41:02 Very soon you write that it predates you right? That it predates. I do remember making pull requests to some early lists that was before the, the dead spec registry. Oh, we're going to have to correct this, uh, deep apologies. Uh, Speaker 6 00:41:15 Absolutely not that political slight. I can promise you that, Joe. Speaker 1 00:41:19 Good. Well, I look forward to seeing that fixed Speaker 3 00:41:22 One issue that comes up with dead snails since you did document is kept in your home as the possibility of a break-in. So is it possible for a burglar or someone in your home without your permission to update your did snail document did document without your permission? How is this handled? Speaker 5 00:41:39 So let's talk about you don't have to be faster than the bear problem. So, uh, everybody's heard the joke that, um, several people running away from the bear and, and one of them saying, I don't have to run faster than the bear. I just have to run faster than the slowest member of, of sad party, what we're trying to illustrate with a dead snail. And then this came up in, uh, in Amy's comments on, uh, not much different from let's say the us banking system and then their authentication. What we're trying to emphasize here is that where we're passing the bar of industry best practices. So our dead method is as secure or as insecure as best practices in several industries. And I would wager that includes the security considerations of what you're asking about private key storage among, uh, all the did methods, because what you're really asking about is how do I store my private key securely? Speaker 5 00:42:40 And yes, of course there is a encrypted backup online and on various, um, cold wallets, but there is also analog cold storage wallets where people write out their private keys or passphrases on paper and hide it somewhere where they chisel it into the titanium, uh, of their, um, metal tablets as some of the Bitcoin and Ethereum, uh, enthusiasts do. So one of the claims that we would make is yes, absolutely. It is a security consideration. And I think we even call it out as an issue on the spec, but store secure storage of private keys is a genuinely hard problem. And we don't, um, we don't feel that we, that, that this particular did Methodist is less secure than others. It is a something that humanity as a whole will need to solve on a, on a consumer level. Speaker 6 00:43:30 We do make some recommendations for security in your home. Like making sure you have good locks on your doors, you could keep an unsafe, we ran some trials where we put the documents in different places in people's homes, and then tell the stranger to go in and find them like simulating a break-in to see what the risk levels kind of were. And the best success we had was one that did document was just shuffled amongst a messy stack of papers on the desk, rather than in any particularly secure location, Speaker 3 00:44:00 Hide it in plain sight. Speaker 5 00:44:02 Yeah. So we look forward to more empirical studies along that route. Speaker 2 00:44:05 How did the features of dead snail offset the challenges, uh, in particular, the challenge of the lag time between creating and reading? It did snail document Speaker 6 00:44:17 What's the hurry time is an illusion. Speaker 5 00:44:20 This in a way is another favorite topic of conversation of, uh, the decentralized identity and standards community specifically. I suspect because the work is being done at W3C, which means, uh, it can't help, but be a web focused conversation, which tends to mean HTTP as the protocol, which tends to be a, uh, request response, synchronous kind of method that typically does not play well with human scale delays. Right? We're all familiar with, I'm trying to pull up a document on the browser and after a few seconds at timing out could not reach the server. Ah, that's very different from, again, human scale and bureaucracy scale delays in a typical identity document protocols. So by pointing out the delays and he's absolutely right, what is the hurry we want to encourage, uh, did protocol makers to consider that, uh, in the real world, especially when dealing with such weighty matters as identity and authentication, uh, there are delays until you have to make sure that your protocols. So I just did resolution protocol is able to tolerate those kinds of delays. So, so we, we believe that, uh, it's a feature, not a bug. Speaker 3 00:45:37 So from that, I think I know the answer to this next question, but are you concerned with did email being more efficient? Speaker 6 00:45:42 It's true that historically email use has outstripped the postal services pretty rapidly, but as we see more and more movement towards slow technology, I'm in the small web, we're confident that there will always be a place for services like snail plus in the event of widespread electricity outages caused by an alien invasion or something like that. Having postal services as established for that music communication will be very useful. We also encourage listeners to look into the did semaphores and did smoke signals methods for similar reasons. Speaker 1 00:46:13 We will have to check those out in the specification, EOF, a very brief privacy consideration section. And, uh, frankly, I'm a little surprised by that. How do you address the lack of privacy or anonymity and did snail, what w how do you deal with interlopers who might be watching this did process and potentially seeing all the communications that you are using to send this sensitive information back and forth. Speaker 6 00:46:39 It's worth noting that in many countries opening someone else's mail is a criminal offense. So if your mail is intercepted, there can be legal recourse. So it's, I think it is important to remember the systems we have in place to maintain society and not assume that we need to find technical solutions for every issue that said, it's definitely a case of making sure this did method is appropriate for your use case. If you need absolute poverty, you might be applies to look for a different dead method, or you can mention identifier at a temporary address under a pseudonym or using a PO box. And another really useful mitigation is to live alone. Speaker 5 00:47:16 Absolutely. So yet, yet again, on the subject of, uh, education, we very much want, um, users concerned, an educated citizens really, to be fully aware of, of their rights. And a lot of people are surprised to learn the real legal boundaries of privacies in the world they live in. For example, the question of is your trash is the garbage, your household garbage that you put out for a trash reclamation services, is that public or private, Speaker 1 00:47:47 It's not yours. Speaker 5 00:47:49 It's not your, exactly where are the boundaries. So presumably if it's trash or your mailboxes inside your house, there's one level of privacy. But as soon as it gets put out on the curb, uh, it's a completely different level of privacy, which often differs from the expectation that, okay, we don't really expect people to rifle through our garbage, uh, same thing applies to the mailboxes. And as Amy pointed out, there are legal protections for that. And then you want to be aware of the laws in your jurisdiction. And of course, I would be doing a disservice to our listeners if I didn't mention some of the more, uh, conspiracy theory, friendly aspects of the mail service, such as in the United States, the Comstock laws and the Comstock, uh, section of the postal office, which is deliberately and explicitly involved in surveillance, censorship and spying for, in areas of national security of the postal service. Right? So while we can always improve our spec and add more links, we definitely encourage users of dead snail to do their homework, to find out about the world they live in from a, uh, male securities standpoint. Speaker 3 00:49:00 There's an issue posted on the spec issue seven, uh, regarding valid duplicate DIDs. Uh, for example, what if two people the same name live at this same address, a famous example of this might be George Foreman, I believe named multiple of his kids after himself. So there's multiple George foreman's living under the same roof. How does did snail deal with this kind of conflict? Speaker 6 00:49:23 Do you have a contact for George Foreman? We would love to hear reports from people in this edge case situation it's, as you say, we have an open issue. We think that possibly using a nickname might solve it for most cases, as long as the two people with the same name can agree, but this is something we want to take off an implementation guide, but it is something that we need to do more user testing with. Definitely. Speaker 3 00:49:46 Yeah. Well, we'll see if we can't get you George's contact information. Speaker 6 00:49:50 That would be fantastic. Nikki, Speaker 1 00:49:52 Moving then to our last segment, we like to talk about what's next. And I want to start that with how's it working out now? Speaker 6 00:50:02 Well, in 2017, Dimitri sent me a request and when did document using gets nailed, and I still not got around to sending the response, but I am hoping to do that this very week. So I think it's going great Speaker 5 00:50:18 Feature, not a bug testing, uh, extreme edge cases of a very long time periods. Speaker 6 00:50:24 I don't see any negative consequences to this. Do you? Speaker 5 00:50:28 I'm not at all. Speaker 6 00:50:29 The only drawback so far has been that the did core specification has gone from a pre working group to a PR status in that time. And it's changed maybe a little bit Speaker 5 00:50:43 CNN. And because of that, it may be a benefit that you didn't send the document earlier because now it would be incompatible, right? We we've, we've made several breaking changes to the did spec, uh, renaming the public key property to a assertion method and so on. Right? So we believe that a great case for procrastination. In fact, I, I remember being very struck, um, in my computers computer science department, back in college, when I learned that there is a form of class of computer science problem problems that are solved just by waiting as in there is a technical term by the kind of computation problems that are solvable only by waiting a number of years until Moore's law catches up, produces faster and more powerful computation, better algorithms, and only then something will be able to be solved. So I'd warranted that same could be applied, um, to, uh, Amy's case, right? Speaker 6 00:51:42 Everything's on track as far as I'm concerned, Speaker 5 00:51:45 Everything's on track and we're waiting until the did spec settles down until the key format wars are fought, right. I'm not sure if it's talked about enough in the dead space of, okay. We have compatibility on the data model layer, but maybe not on the cryptographic key format and serialization layer. So Amy, take your time with the documents. I think it'll only get better. Speaker 6 00:52:07 Thanks to meet you. I appreciate that. Speaker 2 00:52:09 Yeah. It's exciting to know that. I mean, I want to start using dead snail right away, but it's, it's great to know that if I don't that's okay. And I can start, it will be just as effective sometime from now, Speaker 5 00:52:23 If not more. Speaker 2 00:52:24 Yeah. As it is now, which is sometimes with TAC, you feel like maybe you miss the boat if you don't do it right away. Right. Cause the next, the next coolest, uh, iteration is coming out and this, this feels a lot more like I don't have to keep up with any Joneses and I appreciate that. Are there any particular, did snail projects on the horizon, like what's, what's next for did snail? Speaker 6 00:52:47 Well, we're in the process of documenting the sustainability and environmental concerns of this did method, which is something a lot of people are thinking about as our climate rapidly deteriorates. So we should have that update out actually by the time you're hearing this podcast, besides that there are a few remaining issues to resolve, but for the most part, I think we're just going to be building, building, building implementation is key. And there are lots of variables to do with geography or letter writing Vidya that we would have loved to get the early tested. Speaker 3 00:53:17 So if someone was interested in trying to help out with one of these, uh, issues that you're currently dealing with, what is snail, how would they listener get involved? Speaker 6 00:53:25 I'm so glad you asked. It's easy. You, we would love you to send a postcard and write on it, how you'd like to get involved. And don't forget to include your return address, the address to send it to is the dead working group of W3C 1 0 5 Broadway, route seven dash 1 3 4, Cambridge, Massachusetts, 0 2 1 4, 2 USA. Speaker 1 00:53:47 Excellent. We will definitely put that in the show notes. As we wrap up the podcast, we like to ask all our guests, other than the method we're here talking about today, did snail. What's your favorite did method, Speaker 6 00:53:59 Have you heard of, did Micah did Miko? Yes. It's a did method that uses the mycelium networks and forests definitely have that. Speaker 5 00:54:08 Amy, if you need a collaborator or a co-author on that spec, I'm so in, Speaker 6 00:54:13 Oh, it's not mine. That's just one that's out there in the wild. Literally Speaker 5 00:54:18 We need to get in touch and share, share the implementation experience that, that we've gotten from dead snail lessons that the did Miko, uh, group might, um, might appreciate it. Uh, for myself. My favorite methods aside from dead snail, of course, uh, is, did QI and did web, uh, which I had a hand on in, um, uh, both implementations and specs writing. Uh, and of course personally, I am kind of waiting for did virus one, two to arrive. I really liked some of the properties that it has, uh, but in general, I'm very back tickle, uh, I'll I'll code and use, um, whatever customers demand. Speaker 2 00:54:53 All right. Well, we'd like to take a moment now for our shameless plug segment of the podcast. Speaker 3 00:54:59 I'll start, want to announce dates for the first life are what event post COVID in the Hague, in the Netherlands the last week of September 20, 22. So hope to see you all there. Speaker 1 00:55:12 Ooh, I'm excited about that. Speaker 5 00:55:14 I'm real excited about that. Wow, fantastic. Okay. Uh, two plugs. One is three Speaker 5 00:55:25 Shameless. Keep an eye out for the true age wallet for a consumer grade age verification in gas station, convenience stores and grocery stores near you. If you happen to need an open source, which is very rare mobile application that handles DIDs and verifiable credentials, definitely take a look at BCC'd learner credential wallet, uh, feel free to search for it in, um, the app stores look at screenshots and so on. Um, please reach out to us if you have suggestions and more collaborate there. And lastly, really interesting virtual reality and augmented reality use cases, uh, can be run right from inside your browser, as well as on straight up VR headsets, consumer grade AR glasses are coming. Verizon has released there's a apple is a rumor to release there soon. So, uh, we have, uh, another nightmare dimension of, uh, privacy and, and technology to investigate, uh, as related to debts very soon. Speaker 1 00:56:27 I mean, do you have any shout outs you'd like to share Speaker 6 00:56:30 The kind of plugs I'm interested in, uh, mushrooms, bone plugs. So you put them into old, uh, logs and then wait a couple of years. And eventually they will, the mycelium spreads throughout the log and then the mushrooms for the right time of year. And they, you can just keep going for a really long time. So if you don't have a good mushroom woods near you, you can always make your own. Speaker 1 00:56:56 I'm going to give a shout out to a ski resort. We just got back from a little trip and it was the first time I have been on the slope since COVID and there's little place called Revelstoke in Canada. It's actually in the city of Revelstoke. I would never have gone there except probably, and friend was visiting there and we decided to go up and check it out. It was a delight, it was a fun little resort. The mountain was amazing. Had a, a great range of runs. They were mostly, you know, better runs blue or black, just a few greens, but, uh, I really enjoyed it. So a plus one and a shout out for Revelstoke in, uh, British Columbia, Canada. Speaker 2 00:57:36 I have a shameless plug for a series of books that we're reading right now from ADA Palmer. If you haven't read them yet, the Terra notice series. It's extraordinary. I, the fourth book of the series just came out recently. I'm speeding my way through it. And I have that place. Right. I can't read it fast enough, but I also don't want to finish it yet because it's so good. So thanks ADA. And if you're looking for a good new book series, Tara Ignyta might be for you. Speaker 1 00:58:05 Yeah. I love that series. The first one is called to like the lightning too. Like the lightning definitely check it out. It's a fun one. Speaker 2 00:58:13 And that will bring us to the end of our show today. Speaker 1 00:58:17 Amy, thank you for joining us, Dimitri, thank you for joining us on the show today. Thanks also to our staff, our producer, Erica coddle, and co-host Eric Shu. I'm your host, Joe Amber, Speaker 2 00:58:27 Wherever you find the rubric podcast, please take a moment to subscribe to our feed. So you'll be notified when our next episode is released. We look forward to you joining us next time. The information opinions and recommendations presented in this podcast are for general information only. And any reliance on the information provided in this podcast is done at your own risk. The views, thoughts, and opinions expressed by the speakers in this podcast belong solely to the speakers and not necessarily to the speakers, employer, organization, committee, or other group or individual

Other Episodes

Episode 0

March 01, 2022 00:55:56
Episode Cover

Into the Ether (did:ethr)

did:ethr brings decentralized identifiers to Ethereum, the world’s second largest cryptocurrency network. Early contributors to the DID conversation, the folks behind did:ethr helped establish...

Listen

Episode 0

July 21, 2021 01:12:53
Episode Cover

The Granddaddy of DIDs (did:btcr)

BTCR is the grand-daddy of DID Methods. Created by Kim Duffy, Christopher Allen, Ryan Grant, and Dan Pape, it uses the bitcoin ledger to...

Listen

Episode 0

June 21, 2021 01:12:53
Episode Cover

The Granddaddy of DIDs (did:btcr)

BTCR is the grand-daddy of DID Methods. Created by Kim Duffy, Christopher Allen, Ryan Grant, and Dan Pape, it uses the bitcoin ledger to...

Listen