Possible use of a decentralized DNS system


#1

Hello Blockcerts community!

While doing some research for the creation of a cloud based certificate wallet I stumbled upon Blockstack (https://blockstack.org). Blockstack is a open source Decentralized DNS implementation built on the Bitcoin blockchain. This allows people to create an identity which is associated with a bitcoin public key and some profile information. I think this could be used do to eliminate multiple dependencies and trust issues in a blockchain certificate.

In a blockchain certificate, the issuer’s blockchain address is provided under the creator attribute and on the issuer’s website (@id). The address can also be found in the transaction proving the authenticity of the certificate. Verifying the authenticity of the certificate is totally fine if the verifier already knows the issuers address, but what happens when the verifier does not already know that address? In this case, the verifier would have to trust the the issuer’s identity provided by the recipient, which could be false.

How can the blockstack DNS system be used to improve this? The issuer’s blockstack id could be provided in the certificate which can then be used to query its public key and other information. This allows the verifier to prove the legitimacy of the address in the blockchain transaction without using a centralized service.

Please let me know any thoughts on this or anything that I have not stated properly.

Thanks!

Noah


#2

Hi Noah,
Yes, for the next version of Blockcerts we are looking into the best way to flexibly allow decentralized identifiers in the place of public keys. This is true both on the issuer and the recipient side, as it allows key management functions (such as key rotation). I’d like to use DIDs as the general framework see for example DID names to make this flexible. I’ll be posting some rough ideas in the coming weeks.

If you are interested in developing a prototype like this, I’d be happy to help out with feedback, review, etc. Thank you for the suggestion!

Thanks,
Kim


#3

Hi Kim,

Thanks for the response! The DID framework looks interesting! It’s not the first time that I’ve heard of it but I still need to do some reading to fully understand it and see how it can be implemented.

Btw I am happy to create a prototype and contribute! I will try to come up with some ideas and hopefully be in contact soon.

Thanks!

Noah