dhuseby / did-git-spec

Proposed specification for the did:git: method
Apache License 2.0

Some maybe relevant code from the start of GitHub DID #18

Open OR13 opened 5 years ago

OR13 commented 5 years ago

Not sure if this is helpful or not, but GitHub DID was originally more similar to this, and has since become much more centralized (and less ambitious).

I'd love to create compatibility and assist. I'm gonna share some links here to things I considered, which may or may not be useful. Since this isn't really an "issue", feel free to close it.

We used to have a bunch of scripts that operated on files checked into the repo:

https://github.com/decentralized-identity/github-did/tree/f6baefe68fefbed5fae32149fbab97f8652e7475/scripts

We tried to use GPG directly via command line tools, instead of via js libraries:

https://github.com/decentralized-identity/github-did/tree/f6baefe68fefbed5fae32149fbab97f8652e7475/scripts/shell

https://github.com/decentralized-identity/github-did/blob/f6baefe68fefbed5fae32149fbab97f8652e7475/scripts/did/create_document.js

We had a checkDID script that would cause Travis CI to fail if a DID was not signed properly:

https://github.com/decentralized-identity/github-did/blob/f6baefe68fefbed5fae32149fbab97f8652e7475/scripts/did/checkDIDs.js

The idea was to not merge PRs that contain DIDs that were not signed correctly.

Originally I considered it to be fine to fork and push, because the resolver was tied to the user in GitHub, so I might have old versions of your DID in my repo, but nobody would trust them since I'm not the root of trust for you.

I really liked the idea of just building a DID method on top of GPG, Git and SSH + some strong assumptions around trust, but the security challenges, rewriting history, etc. scared me off. Plus, I'm not actually very good with git.

Feel free to borrow any code that is helpful from GitHub DID, and I'm happy to think through security / protocol / method design.

dhuseby commented 5 years ago

Thanks! This is very helpful. I've already seen some tricks in your code that we may borrow. We won't be lifting any code though. I'm already implementing the new signing tool in Rust and the patches to Git are in C and the git did porcelain prototype will likely be Python since some other git porcelains are implemented that way. Ideally, the final git porcelain would also be implemented in Rust but I would accept C if it was demanded by the Git maintainers in exchange for adding git did into the main Git distribution.

OR13 commented 5 years ago

Awesome, I've recently updated: https://github.com/transmute-industries/PROPOSAL-OpenPgpSignature2019

Any chance you are planning to create some Rust / C / Python GPG JSON-LD Signature suite? Or are you planning on keeping signing at the protocol layer (internal)?

If you are planning on exposing GPG keys in DID Documents, I imagine we might have some overlapping standards update needs, support for publicKeyPgp or similar, and something like OpenPgpVerificationKey2019... These don't exist currently, but I'm working to propose them.

dhuseby commented 5 years ago

I'm OK with adding that; however, my ultimate goal is to kill GPG entirely.