I have been thinking hard about using a combination of DNS Handles and QR codes for contact exchange.
The short term 'killer app' being to make it really easy for Developers to provide a list of all their cryptokeys they use to sign commits, code, authenticate to Git repos, etc. etc.

The following URI can be used to locate, decrypt and authenticate my JSContact using a combination of HTTP, SHA-3-512, SHAKE256 and AES-512-GCM.

    jscontact://mplace2.social/egm3-lbnd-upo4-yxha-fy7p-hiim-y4kq

That URI is not something I would want to put on a business card as text but it could be there as a QR code. And it can also be published as a DNS TXT record:

    _jscontact.phill.hallambaker.com. IN TXT "uri=jscontact://mplace2.social/egm3-lbnd-upo4-yxha-fy7p-hiim-y4kq"

So JSContact has a format for describing contact information and keys that I am slowly beating into submission. The syntax is somewhat yucky but it is functional and all in JSON.

Since we are doing JSON, the obvious way to encode keys is with JWKS and the backwards compatible but not entirely satisfactory way to do things is as a DATA URI with the encoded data.

At this point, I can bully everything into getting the functionality I need except for OpenPGP and SSH certificates. Both formats allow keys to sign other keys.

And this naturally leads me to look at extending JWKS to add the formats because then I can specify a second URI to allow the authenticated retrieval of just the key portion:

    jwks://mplace2.social/egqn-a3es-zbye-xp3o-w6et-pqug-go5

Yes, I know I could specify the media type in the URI and the EARL format defined for the Mesh does exactly that. But, I would much prefer having JWKS as the one format used regardless of key type and moving things into JSON allows me to add descriptive information into the package that isn't necessarily there with the existing media types for SSH/OpenPGP keys.

I will of course liaise with the OpenPGP and SSH groups to discuss format if it isn't already done somewhere my Bing-Fu didn't find.
