2019-02-14 11:58:08 -05:00
# Microledgers and Edge-Chains: A Primer - Daniel Hardman, Evernym
2019-02-14 12:00:17 -05:00
**—Hyperledger Global Forum 2018**
2019-02-14 11:58:08 -05:00
Evernym’ s Chief Architect Daniel Hardman takes the Hyperledger community through Evernym’ s work on Microledgers and Edge-Chains Architecture. Attendees will gain insight into the theory, applications and evolution in Hyperledger Indy along with a practical discussion of their potential.
< img src = "http://i.imgur.com/H5ijP94.png" / > \
< sup > https://www.youtube.com/watch?v=iK5vd7-b1zA& list=PL0MZ85B_96CGkWnEvdPy5sB4VRcH2XWuP& index=100< / sup >
* [Daniel Hardman, Chief Architect - Evernym ](https://hgf18.sched.com/event/G8sN/microledgers-and-edge-chains-a-primer-daniel-hardman-evernym )
> Daniel Hardman has a quarter century of experience in enterprise software. As a technical director or chief architect, he’ s led engineering teams at small startups, an incubator, and a continent-spanning business unit at a Fortune 500 company. He founded a dot com a few years back, serving as CEO and later CTO before selling the business. Daniel designed and personally coded complex scheduling software that runs the biggest supercomputers on the planet. He also worked on big data systems that use natural language processing and machine learning/AI to impute reputation to the entire observable internet. He is a member of Infraguard, has training in cybersecurity, and has spoken at industry conferences such as RSA. Daniel has an MBA plus a master’ s degree in computational linguistics. He holds numerous patents and is a prolific blogger.
## Lightly edited transcript from Youtube.
Okay, I think we'll go ahead and get started. There are likely to be people trickling in, if they're like I am. If I didn't have to be here speaking I would take my time getting in the next session after lunch feeling a little bit sluggish... but anyway, they'll come in and and we'll already be in the presentation.
my name is Daniel Hardman hopefully you've if you read about this session you might know a little bit about my background I work with hyper ledger
indie project mostly I'm a maintainer
there and I also work for well so I have
a day job with Evernham and then a side
gig where I work on the technical
governance port of the sovereign
foundation which is closely connected to
the indie project anyway today I'm going
to talk about some concepts that have
been marinating in my mind and in the
minds of some people that I work with
for quite a while not all these ideas
are originally mine I want to give
credit where credit is due lots of other
smart people have been talking and
thinking about this as well I'm just a
spokesman for a lot of other people and
hopefully the title intrigued you a
little bit micro Ledger's and edge
chains I'm going to demystify that and
when you walk away I hope you're gonna
think of this as not so much a super
technical session that you've been to
but instead a session that kind of has
some intriguing ideas for you to think
about later in whatever you're doing so
I'd like to start by taking you on a
little bit of a personal journey I
started working in blockchain two and a
half years ago and when I first became I
guess aware of the basic concepts of how
blockchain worked and so forth I became
really excited about how blockchain had
solved a bunch of problems and who I was
going to go conquer the world with all
this new technology and it was awesome
and that was a I lasted in that phase of
my acquaintance with blockchain for I
don't know several months but I start
to encounter practical problems with
some of the blockchain stuff I was doing
and I hope as I described the rest of
this arc you'll smile a little bit to
yourselves and say yeah I've kind of
been through the same thing so you know
after after my in a way this is kind of
like the Gartner hype cycle you know
there's the the spike of excitement and
then the trough of disillusionment so I
kind of went through learning about some
of the performance and scaling issues
that we had to deal with and some of the
complexity and then I started to realize
that putting data on the blockchain had
certain repercussions that I didn't
always want to deal with and that there
needed to be some very careful thought
about how we encrypted data and then I
realized encrypting it wasn't enough it
just plain shouldn't be there at all and
so hopefully you guys are recognizing
these kinds of patterns in your own
thinking here and then I got into the
whole all regulatory compliance of gdpr
thing and gee this is getting harder and
harder and then I and several of my
companions discovered this notion of
micro Ledger's and we feel like it was
kind of an aha moment for us so I'll
explain what micro Ledger's are and I
think you'll see how that's relevant to
this arc when I'm done but let me just
point out that that same kind of arc
that I just described in my own thinking
we're seeing unfold in lots of different
ways in the whole block chain space all
of the things on this list here are
examples of projects where somebody has
fought hard about the original
blockchain paradigm and tweaked
something in an interesting way because
of that same arc and you know the tweaks
are different plasma is about taking
smart contracts off the blockchain
triple signed receipts is about
preserving confidence in data but not
having to keep a full history even
though you have a strong proof that
you're at the right state anyway they
all
different things up there and if you
don't know about all those I didn't know
about all of them either until I went
and researched this talk and I was
looking for patterns I knew about some
of them and I found some others there
but the point is that I think the whole
industry is going through a maturation
phase where we're realizing that there's
certain aspects of what blockchain can
do that we love and there's other
aspects of what blockchain gives us that
we don't love so much and we're trying
to kind of wrestle against those
constraints now these are the two things
that I think these arcs all have in
common mine and and the things on the
previous slide
they're all trying to do less with the
central big blockchain in some creative
way so that they can keep the special
value out of the blockchain but not have
some of its downsides right okay so I
want to just point out something I went
and looked just for fun I went and
looked up architecture diagrams with
Google I was looking for old
client-server architecture diagrams okay
and these are just three that I picked
at random out of the Google image search
results list you see that client-server
is kind of this old paradigm where we
have this notion of a centralized thing
right and client-server equals bad right
we've been down that road we don't like
that anymore but here's what's
interesting I also went and searched for
some architecture diagrams about
blockchain and some blockchain supposed
to be highly decentralized and lo and
behold there are lots and lots of
evidence in these diagrams that
blockchain is actually it just almost
the exact same thing now there's some
things about blockchain that are
different I'm not arguing that they're
identical but the point is there is this
phenomenon
sometimes that blockchain has been used
in a way that's far more centralized
than we like to admit yes there are
nodes that spread the load around and
yes the nodes create this notion of
diverse or I mean diffuse trust and yet
all of those nodes can be treated as one
bundle in the middle and in fact
in a lot of architecture diagrams that
you see in presentations at this
conference and any other conference you
will see a little graphic that
represents the blockchain and a bunch of
arrows coming to it from all over the
place and what's that that's
centralization okay so we don't
necessarily need the blockchain for
everything that we think we need it for
the taluk back in April I'll let you
read that quote there well actually I'm
going to read it because it's such a
good one block chains are far less
efficient computer and database than
technologies that have existed for over
40 years
efficiency is not what block chains are
built for if you actually go and look up
that quote he does a comparison of how
much it costs to do certain kinds of
computations on aetherium versus AWS and
it's about a million to one difference
in efficiency and then founder of
liquidity network in June this is a
really good quote - bottom line is this
notion you know what why would you need
a mediator if you're actually agreeing
with each other now there's an answer to
that question but there's also some that
that question exposes some interesting
things to think about so I think smart
people in the industry are starting to
question some basic assumptions and
here's here's my picture of an
architecture that's centralized in
blockchain oriented you got the
blockchain in the middle here and you
got the arrows coming to it right this
is how I was thinking about my own
particular problem which was the
identity management relationship
management problem that's at the core of
identity when I first came into this
world and if you see we've got two
parties that each have a relationship
and want to trust each other we have
Alice we have Bob and Alice needs to
know some things about her view of this
relationship and she also needs to know
some things about Bob's view of the
relationship okay and these two views of
the world
what's symmetrical and complimentary but
they're using the blockchain in the
middle as the trusted intermediary and
like I said this view of the world sort
of works but it became it chafed on me
and it became increasingly uncomfortable
as I learned some of the drawbacks and
challenges to it so here's what I
evolved to and this is what I want to
talk to you about is the micro ledger
notion so in this notion you still have
a blockchain and blockchain does have
relevance it's highly relevant but it's
not used for the main it's not the main
mediator of the relationship between
Alice and Bob Alice and Bob talk to each
other directly and then they have this
kind of back-channel thing that they can
use to interact with the blockchain to
the extent that they need to and I'm
gonna talk about what they really need
the blockchain for but it's not as much
as we thought at least as much as I
thought to begin with so when you have
this kind of a relationship what you
have is two parties that are kind of at
the edge of the old diagram the instead
of the thing that's in the middle you
have the things that are at the edges
okay and these things at the edge are
talking to each other and this is how I
get the concept of an edge chain that's
where that word in the title of the
presentation comes from is the notion
that you can have some of the same
characteristics of a blockchain you can
have high trust and tamper resistance
and diffuse patterns of communication
and so forth but you don't have the
blockchain sitting in the middle of it
it's it's all happening out at the edges
okay so this evolves even further if you
have this person Alice having
relationships with multiple people she
continues to have these all as kind of
lateral side relationships she doesn't
have them through the blockchain now you
might be saying well wait a minute if
you take the blockchain and all those
big arrows out what is it even useful
for well in my case it's useful for
certain
problems that require external trust so
for example there has to be a place
where I can announce that a credential
upon which identity is based has been
revoked and the world needs to test for
that condition when they're seeing
credentials presented I know that
there's people out here who aren't in
the identity space
I think there's analogs to this in in
non identity world too there's certain
things that you need to consult the
blockchain for but the main things that
aren't on this list are things like
talking to each other
storing things doing computation
interacting none of that stuff has to go
through smart contracts or any of that
it just has to have a few very small
things that make this possible so
besides revoking credentials in the
identity space you have to be able to
revoke a device if you leave your phone
in on the backseat of an uber you need
to be able to quickly say don't let
anybody use that phone to impersonate me
you need to be able to discover parties
that are intending to be public
you need a secret rendezvous spot so if
you think of secret agents that you know
they're heading off into enemy territory
and they agree that if if they're not
back by such-and-such a time then
they're going to meet in the square at
midnight or whatever well you can use a
blockchain kind of like that as will
agree that will rendezvous on the
blockchain if we lose track of one
another or have to repair a relationship
and we can't do it by direct
conversation and it turns out that
Merkel proofs of state integrity between
these two parties can be relevant now
this last one is where I get the name
micro ledger for this talk and that is
basically the way that these two parties
interact with each other has to have
some characteristics of prove ability
and tamper evidence even though it's not
on the main blockchain and you can do
that by doing some very simple well it's
not very simple it's simple compared to
other stuff crypto and so forth on your
local hard drive and you know when you
interact with the other
passing them Merkel proof of state
having them check it against what they
have you end up knowing with confidence
that both of you have the same thing and
and you haven't drifted or
misinterpreted one another so you end up
basically having a tiny little ledger on
your machine for the relationship Alice
would have one for the relationship she
has with Bob I'm talking tiny I'm
talking 5k 10k little tiny files they're
not massive they don't last necessarily
forever they don't store any significant
amounts of information but they just
have an orderly sequence of hashes that
show how state has evolved that's the
micro ledger concept so after we started
playing with this idea I started to see
things a little bit different this is my
journey again but I thought instead of
it being kind of a time sequence I saw
it as a continuum of centralization and
I really think that's where my mental
journey took me is I started out
thinking blockchain was cool and I'm
going to be decentralized but I wasn't
really very decentralized in my thinking
and took me a long time to get there you
know I started kind of over with put it
all in the blockchain which isn't so far
away from traditional client-server ok
then you start seeing people talking
about sub chains and side chains and
things like that that's an example of
moving farther to the right on the
continuum and then you hear people
talking about well just anchor it on the
blockchain now we're starting to get
pretty far over to the towards the right
if you go all the way over to the right
you have a pure edge chain where you
really don't need the blockchain at all
now I don't think I'm gonna write any
software that looks completely at that
end of the continuum
I think the blockchain introduces some
characteristics of trust that I really
need but I think I can get pretty far
over here get all the benefits from
blockchain that I really care about but
not have hardly any of the drawbacks or
complications and the only price is
complexity darn it
okay so I put up here on this picture
also I have gaps right here and edge
chain protocols when I first started
exploring this notion of the edge chain
I was calling the thing that we were
building adapt because it's a
decentralized app of course but I
realized that what the industry is
calling adapt is actually pretty far
over to this side because it's typically
running everything through a smart
contract that does centralize
computation and you can there are adapts
that aren't that way so the DAP thing
moves over towards the right there are
some gaps that get maybe almost this far
but you you can take it all the way over
here and I think if you go way over to
the right side it's not really fair to
call that adapt because it's pretty
different from what the industry thinks
adapt is and I'm gonna give you some
examples here in just a minute so just
for kicks I'm gonna introduce a new word
to you
because this is why I'm excited about
the right end of that continuum I think
that the things on the right end of that
continuum have this characteristic this
is a big word you know a $24.00 word but
it tell telly emergent so if you're
familiar with the word teleology or T
Liana me this has the notion that you
have order from chaos okay but it's not
order that's decreed by some central
party it's order that arises
spontaneously T Liana me is used in
discussions about evolution and biology
and how a very complex ecosystem can
manifest really sophisticated patterns
of behavior even though there's not
anybody out there telling the Zebras
which direction to run when the Lions
chase them and so you may have also
heard the word chaotic before and you
may have run into the notion of Adam
Smith's invisible hand in the economy
it's the notion that you give a bunch of
independent actors the right incentives
and lo and behold the free market causes
an interesting dynamic to emerge that's
useful and that's what I think is the
true characteristic at the far right
side is that you give independent agents
the ability to interact and these agents
find useful ways to interact according
to a protocol so this is just a little
compare and contrast I think I'm gonna
skip over this suffice it to say that
daps and edge chains have a lot in
common but I think there's some
interesting differences and I'll maybe
during Q&A; we can come back to this
slide you have questions about it but
let me now actually give you some
examples of what I'm talking about
when you define an edge chain protocol
you have to answer these four questions
what are the roles in my protocol what
types of messages do we exchange what
stage or sequencing rules apply and how
our trust and incentives managed so
here's a really familiar example okay no
tech involved how do you buy a house
okay what are the roles in buying a
house well you have a buyer and a seller
and the realtor for the buyer and the
realtor for the seller you have a home
inspector you have a title company these
are roles and by the way buying a house
is a protocol right you can't just go
order a title insurance on some
arbitrary home because that would be out
of order for the it's not the sequence
that you have to start by doing step one
and then you go to step two and then you
go to step three right and the parties
in this interaction have
responsibilities they can do certain
things and not other things okay
so the kinds of messages that get
exchanged in this protocol well we have
an offer to buy a counteroffer an
acceptance or rejection a home report a
title search these are messages okay
what are the state rules that apply well
this is an example state machine I drew
you start by negotiating and you can go
round and round in circles in
negotiating eventually you exit the
negotiating phase
you're in the preparing phase where you
order a title search and a home report
and all these things and anyway you end
up consummating the deal or not
consummating it but that is an edge
protocol why is it an edge protocol
there's no blockchain involved right
it's people out at the edge but there's
a hundred thousand things like this
ordering a hamburger is a protocol right
you can't just walk up to somebody and
say here's seven twenty five you have to
walk up to him and say I want number
three on the menu would then give him
725 after they ask you whether you want
it to be is that to go or not to go
right there's this whole protocol
involved in that that we all know so the
reason I'm harping on this is because
all kinds of business problems are
solved by protocols all the time and in
fact they're mostly edge protocols and
that's a cool thing if you can just hook
them up to blockchain for just the parts
that you need them for and not all of it
the the weight of what you're building
goes way down so here's a simple edge
protocol that's techy this one is one
that's relevant to the identity space
this is the trust ping protocol and in
Indy there is a hype which is like an
RFC about how you ping another person
you have their D ID for them that's
their identity their identifier excuse
me and given that identifier you should
be able to reach out and talk to that
person so how do you do it
and according to the whole indie
technology should be able to do it no
matter what transport you're used to
send messages whether it's HTTP or mail
or Bluetooth or whatever and you should
know some things when you engage in this
trust pink about whether the person on
the other side is trustworthy and how
much trust might have been eroded by the
kind of mechanisms you used in between
you and stuff like that so there's a
hype about that you can see the roles
the ping ER and the ping e and the
message types let me give you a quick
demo of this protocol what I have here
I'm gonna start up an indie agent and
that agent is going to be listening on
email and I'm going to talk to it by
email and I'm gonna use the trust ping
protocol to to interact with it so this
is the yeah this is a trust ping
protocol documentation and the trust
ping documentation says that if I want
to ping somebody this is the kind of
JSON message I need to send it so I'm
gonna send it one let's go over here to
my email and I'll bring up my little
trust ping nothing up my sleeve here's
the the JSON that I'm sending which is
just a direct copy and paste out of this
pipe here so that's the that's the stuff
that I sent and let's see
message was sent that's good now what we
got to see is if the message is going to
come back there we go so the agent on
the other side pinged me back and let's
see what it sent me it sent me a name
style message except it's not fully
encrypted right now I turned off the
encryption this is the JSON that I got
back it says hi from indie agent so I've
just engaged in a protocol here now what
does blockchain add to this I could do
this entirely without blockchain but
there's some things I wouldn't have I
wouldn't have confidence in the other
sender somebody could sit in between me
in this protocol and mess with my mind
right be a man-in-the-middle so most of
the protocol is not modified but by
adding a little bit of blockchain pixie
dust I'll call it I can increase the
trust behind this protocol and and
that's the kind of thing that I'm seeing
over and over again as I get my head
wrapped
around this paradigm is you start with a
paradigm that's really not very
blockchain heavy and then you say okay
what are the things that's that's
wonderful about blockchain that I need
to add into this and how can I do it as
light as possible okay so on to the next
thing here
Tic Tac Toe we could also play
tic-tac-toe I'm gonna wait and see if I
have enough time I'll do a demo of
tic-tac-toe if you feel like it later
but anyway I have a demo of that if you
want to this one was not
there's no blockchain goodness on this
this is all the way to the complete
right side is being a pure hedge
protocol because you don't need a
blockchain to play tic-tac-toe okay this
is a more serious one what if you want
to manage a relationship so Alice and
Bob live across the world they use
complicated complicated technologies
each of them has different technologies
one of them has a laptop and a cell
phone and the other one has a desktop
computer at work and two cell phones and
something in the cloud and they want to
talk to each other and there's different
pieces of software running on all these
different things at different version
levels and all this kind of stuff how
does Alice tell Bob hey you shouldn't
accept any messages anymore from my old
cell phone that I just sent to the
recycling I think they told me they were
gonna wipe the hard drive on it but I
just don't trust I'm gonna tell Bob not
to do that you know how do you how does
Alice say hey I upgraded my own world
here and I've got a new device and now
if I send messages from that device you
should trust them
how does Alice say I'm gonna rotate my
keys
all of these are concerns of managing a
relationship and you need a protocol to
manage a relationship and guess what
it's mostly an edge protocol so this is
a more serious one that matters has
pretty high stakes and I've been working
on a method to describe how di DS can be
created and the did Docs associated with
those di DS can be shared and there's
you can see the the roles here are the
participants in the relationship and
there's some message types that are
described here there's actually a did
method spec draft and I'll show that to
you really briefly here and you can go
look it up yourself
later if you want to I'll give you the
URL and you can go read it but anyway
there's this whole spec behind this and
so this one is the thing that has caused
I think the most ruminating on the
concept of a micro ledger because the
micro ledger as a persistence mechanism
could provide high trust to back the did
method that I'm mentioning here
let me go on to another one that's maybe
a little bit more interesting so this is
just an imaginary one but I think I'd
love if somebody in the audience wants
to build this I'd be super excited and I
would buy your app a megaphone protocol
what I'd like is something where if I'm
sitting on the beach in Indonesia and a
tsunami happens I can grab my phone and
push a button and say run a tsunamis
coming and my phone contacts all the
phones all around the resort where I'm
staying which in turn contact all the
phone's a mile inland and everybody
starts running not just the people who
can see the wave would that be cool I
want basically a virtual megaphone but
here's a why do I need blockchain
there's a really good answer to this I
can't build this right now because if
everybody had a real megaphone in real
life you'd have problems with people
using it irresponsibly wouldn't you so
there's a trust problem I can use
blockchain to require people to put
stake or put their identity in escrow
against their responsible behavior so
that a person can say look when it's a
life-or-death situation I need an EpiPen
right now I'm willing to you know have a
hundred dollars on the line or I'm
willing to have my identity disclosed if
I am shown to use that irresponsibly and
that protocol can hook back to the
blockchain as a basis for that trust but
most of everything that's happening is
all out on the edge okay and you can see
some of the other ones you know my child
is lost at Disneyland or I'm desperate
to get on this plane as somebody in this
line willing to send me to sell me their
plane ticket 4000 euros any of these
kinds of things could be done with this
kind of a protocol and you would just
need peer-to-peer communication in your
app or you could have the app go back to
the cloud and talk to other apps through
the cloud if you needed to that would be
more centralized but anyway there's some
roles in this a speaker a listener and a
relay so you could have an app and a
person could talk through your app to
another phone that was close to you and
so the word would spread right if
anybody's interested there's a link to
the concept doc when you download the
slides you can go read more about that
protocol so here's my suggestion to you
I hope that I haven't gone too too deep
I've tried to stay really high-level and
I hope that I've been general enough
that even if you're not in the Indy
space the identity space you're thinking
a little bit to yourself yeah maybe
there's some ways that I'm taking for
granted that we need to use the
blockchain for something and maybe I
shouldn't
maybe I should think from the other
direction instead start thinking about
the problem as an edge protocol problem
and then say how do I sprinkle the the
magic pixie dust a blockchain just
enough to get the properties of trust or
the constraints that I need and what
I've found is that this is a very
liberating experience two and a half
years in a lot of the problems that I
initially thought were really yucky I'm
now thinking well if I flip it on its
head I can get what I need to and I
don't have the performance problem or I
don't have the scaling problem or I
don't have the centralization and trust
problem or the regulatory problem so I
want to encourage you to do that think
in terms of the edge with a blockchain
as a useful foundation that you can
refer to but not necessarily as the
place where it all happens you don't
have to compute everything in a smart
contract and you don't have to and if
you say well I don't know how to do that
there are some problems that you must
use
blockchain for but I'm just saying use
it wisely and not just peanut butter
spread it on everything and then I would
love to get some people here to work
with me on this peer did method I think
it's a very high value for the identity
space that's one specific to my area of
expertise so with that I'll go back and
demo something if you want or we can go
into QA I think we got about ten minutes
left which is good I was trying hard to
not go till the very last second well it
doesn't necessarily have to be a person
but some entity on the edge yeah and I'm
really using the term edge of course is
really vague but what I mean by it
mostly is it's not the thing in the
center of the architecture diagram okay
and then the second question the concept
of the micro ledger is there any concept
of persisting the final values of the
micro ledger onto a blockchain yeah so
this is if I go back to let's see the
notion of anchoring something on a
blockchain a number of people in
industry are exploring different ways to
do that and one of the things you could
anchor on a blockchain is a micro ledger
so if you needed to prove for example to
a third party let's say Alice and Bob
are interacting and it's it's a private
personal relationship but let's say Bob
doesn't fully trust Alice and maybe he's
afraid that alice is gonna steal all of
his cool music for his next album even
because he's been sharing it with her so
he goes and he anchors some things on
the blockchain to provide evidence so
that if anybody ever you know if there's
ever an argument there's a third party
that's a witness that kind of a thing
and there's other kinds of use cases
like that too
hi so obviously it's a communication
protocol so I'm wondering if there was
any thoughts about communication
recording or if it could be useful in
any way I know there have been papers
for TLS communication recording but
obviously it's not easy to do at this
point with TLS and HTTPS so is there any
ideas about communication recording
between the agents or da DS and how it
could be possibly useful so that's an
interesting question I used to work at
Blue Coat which makes a line of products
actually blue coats been acquired by
Symantec so if you look this up now
online you're gonna have to look under
Symantec but anyway blue coat makes a
made a product called an SSL visibility
appliance and what it is is a
deliberately constructed
man-in-the-middle attack on a TLS
session so an enterprise does some fancy
magic with certificates to make it so
that when you inside the enterprise talk
to somebody outside the enterprise that
appliance catches the traffic and it man
in the Middle's both of you neither side
can tell that there's this thing in the
middle and the whole point of it is make
the TLS channel visible so that the
enterprise can look for malware that's
coming into the environment and stuff
like that so where I'm going with this
is that same kind of technique could be
used in agent to agent communication
however you would have to get the
consent of both ends of the conversation
you don't have the ability like you do
in an enterprise to simply say well
every browser in our enterprise is going
to accept this certificate authority
therefore nobody's going to get any
warnings when they click and and stuff
like that so self sovereign identity
technologies provide a protection
against that kind of sniffing happening
invisibly but it could be done and the
old the other thing I was going to say
is there's also a hype
a proposal about message tracing this is
cooperative voluntary message tracing
where people are trying to troubleshoot
a complex interaction and they say hey
please tell me when you get this message
and forward it on so that I can see
what's happening parties don't have to
follow it and but it's somewhat related
to recording so I I guess I can only
think of two those two comments about
the recording concept maybe we can talk
some more after Danny I actually have a
follow-up question and what what
happened here so I'm sure you're
familiar with signal in signal low using
a double ratchet it's right in Triple D
filmin and they create that end-to-end
encryption so how does this really
different when it comes to peer-to-peer
and then just creating that encryption
because you just mentioned that if
you're going to man in the middle attack
I'm quite familiar with what Bluecoat
does I work at Symantec as well so you
have access to the private key you are
able to record a session and then you're
able to replay it
so basically acting as a proxy so how
does this does not apply in this
scenario because if I'm able to actually
sit in between let's say I hold the
network and then I compromise one of the
parties then this is basically just a
broken channel well first of all indie
communication there's a this has not
been implemented but the hype has been
accepted is adopting signals double
ratchet algorithm so forward secrecy and
so forth is a property of the
communication channel the same way it
would be with signal the did method spec
that I talked about here one of the key
characteristics that it has is that when
you created did you must create it by
deriving it from the public key of a key
pair that exists and the reason that
that requirement exists is because you
don't want if you had it if you did well
let me take you down a different path if
if you started a D ID as just like let's
say some UUID and then later you
associated it with keys what could
happen is you could start it and a
person who's proactive and malicious
could notice what your D ID is
but you haven't asserted keys and jump
in and create the kind of man in a
middle situation that we're really
worried about here but because DIDS
require you to derive the thing from the
key the the did value from the key there
is no point in time where the creator of
the did is vulnerable to the man in the
middle attack that's only a partial
answer to your question let's talk about
it after yeah I had yet another
follow-up on this thread so the ietf has
a existing internet standard called the
host identity protocol and it does
exactly the same thing the intention
there is because right now in networks
there's the IP address is the identity
but this is not verifiable so they made
this protocol with the intention that it
existed to be compatible with the
Internet's tcp/ip stack so there is no
tie to and etherion network or a hyper
ledger implementation it's just part of
the general Internet can you give me
some context as to why this is existing
separate from that and we don't just use
the host identity protocol existing on
the internet already so that's a great
question there's several different
answers that are all kind of related
that kind of add up the first thing is
that this communication mechanism has to
work on things besides the Internet
so not everything has IP addresses and
still we have to be able to communicate
we certainly live in a highly IP centric
world but there's plenty of use cases
that are outside that the second thing
is that like with certificates my
understanding of the host identity
technology is that it focuses on servers
now of course it could be used for
clients and stuff too but TLS in general
even though it has
the option of identifying both parties
is almost a hundred percent used to
identify only the server side of an
interaction so when you want to identify
the client side what do you do you have
this great channel but you don't use
certificates you have an entirely
different mechanism which is
browser-based sessions and cookies and
all this other stuff to identify the
other party you log in you present some
credentials and I think the same kind of
phenomenon maybe is undermining some of
the value of that protocol where it's
it's going to be applied whether the
protocol is written that way or not it's
going to be applied just to identify
things that have a permanent presence
does it does it work for mobile phones
that are changing IP addresses
constantly and that are refreshing their
software and all that other stuff I
don't know enough to know maybe we can
can you share a link with me or
something and I'll go learn some more
about it
state channels are on my list of we're
right here
well state channels yeah the state
channels are an example of this kind of
thinking yeah I have one question
concerning the etch chain protocols as I
understood you you suggest we make small
protocols and different apps but what
when I want to glue them together
because they together build higher-level
protocols would I then try to make the
glue in the blockchain so things that
those protocols need store it there or
would I define let's say super H J chain
protocol
well yeah protocols are one of those
things that can be understood at there's
there's lower level ones and higher
level ones just like there's the OSI
stack and so forth in networking and you
can combine logical entities into bigger
constructs to make higher-level
protocols something that you said kind
of gets at this slide that I skipped
over one of the things that's different
between DAPs and edge chain protocols is
that edge chain protocols there there's
no set of apps that you have to have you
just need to have software that is
capable of playing all of the roles in
your protocol and it could be written by
ten different people and there could be
ten different providers of one of the
roles if you wanted right so think about
like buying a house we don't have only
one place that you go to get all the the
actors in the buy a house protocol and
yet DAPs are typically written where you
write a DAP that implements the whole
thing and so that's a little bit of a
paradigm shift
yeah yeah yeah
theirs doesn't have to be implemented on
server so it's not exactly micro
services but it's like that in the sense
that it's a bunch of little granular
things hi thanks this was really
interesting I was going to offer a bit
of nitpicking for the megaphone protocol
I think if you don't take in
consideration economic pressure
I think the protocol probably fall apart
because some people will be in such
situations that they'll be willing to
trade what they consider their important
identity to spam people nearby and
there'll be markets that will probably
show up saying hey if you can if you do
this for us we'll give you some money
and people might burn through their
identity because they don't see the
value of it or maybe they will try and
stack up multiple identities as much as
they can
obviously we we would expect this the
product or the system the overall
underlying self sovereign identity
system not to allow that but I think if
you don't count factor in economic
pressures especially for those of us who
are very poor like you won't be able to
expect some of the ways that the
protocol will be manipulated
that's good comment the the concept
document includes the notion that
megaphones have a volume and you can
select the volume if you say look I'm
tired and hungry and I'm a mom in an
airport and I have a baby and I need to
change the baby's diaper and I forgot a
diaper that's not a life-threatening
crisis so you don't need
life-threatening volume and so there's
probably different staking for different
levels of volume but I think there's
still you're right that there's
potential for abuse which is maybe one
of the reasons that nobody's been
working on it yet
okay well I think we should declare the
the session over and I'll be up here if
anybody wants to ask more questions a
couple of you asked me questions that I
want to get some more information about
if you just come and talk to me that'd
be great and thanks for your attention I
appreciate it