Open aparkersquare opened 1 week ago
An identicon is a visual representation of the hash of some information. The relevance here being that any change in either the DAP or the information resolved from the DAP would result in a completely different looking identicon, hopefully triggering the user to notice that they have mis-entered the DAP.
The DAP itself could be hashed and shown as an identicon. This could be done independently of the DAP specification.
Is there a stable part of DAP resolution process that could be used to generate an identicon? I believe the DID
would be a good candidate.
For this to be part of the DAP specification, the exact form of the identicon might need to be specified. I don't believe there is any open standard for identicon display.
When paying someone via a DAP, a significant concern is knowing if the DAP resolves to the person you expect. The DAP specification addresses various security concerns, and https://github.com/TBD54566975/dap/issues/42 is related to mitigating malicious impersonation of a DAP (someone posts something that looks like the DAP you expect).
I think it would be useful to have some way to address accidental mistakes by the sender.
For instance, say I intend to pay
@jack/didpay.me
, but accidentally type@jakc/didpay.me
and someone else has registered this handle at the registry (DAP squatting!) so it resolves to a list of money addresses. I am very unlikely to notice, and I will proceed to pay to one of them. This is bad.Verifying the DAP resolved to the person you intended would require some out-of-band knowledge, but assuming that was possible how could it be incorporated into the DAP specification?