Open ianconsolata opened 3 weeks ago
@hexianglinss @willpan1102 more context on this one, I do not think we need to use UCANs for this anymore -- keybase does it with simple message signing, and so as long as a similar blob of data is included in the gist and signed I think the UCAN bit is unnecessary.
The blob of data we can have folks post is probably pretty simple:
### Filecoin proof
I hereby claim:
* I am <GITHUB_HANDLE> on Github.
* I control <FILECOIN_WALLET_ADDRESS> (Filecoin wallet address).
To claim this, I am signing this object
<OBJECT_TO_SIGN>
with my Filecoin wallet's private key, yielding the signature:
<INSERT_MESSAGE_SIGNATURE>
And finally, I am proving ownership of the github account by posting this as a gist.
The object they sign over should include the github id, filecoin wallet address, and a timestamp, and should use whatever interoperable message format feels most convenient for you (i.e. if MetaMask has a standard signing format where we can input this data, lets just do that.)
Keybase uses github gists for their verification process. Here is an example: https://gist.github.com/DonnchaC/9898347
And some documentation on how their system does it https://book.keybase.io/docs/server, as well as the library they use for proofs: https://github.com/keybase/proofs
That is a significant improvement over the current system, which requires folks to add a blob to a public repo : https://github.com/filecoin-project/on-chain-voting/tree/main/ucan-utils