Why not decentralised did methods?

[goeo-]

Hey! I've spent quite a bit of time thinking about this today. I've seen latency and key rotation mentioned, but I don't see how either is a deal breaker.

Earlier today I saw this post: https://bsky.app/profile/nuh.dev/post/3kqbfttjmfm24. It immediately defeated the latency claim in my mind, and I started thinking. Latency can only be improved, by having the pds (who you trust) act as a cache, and it can also be responsible for keeping the identity up. If the pds stops hosting the identity, it can move on to another one. This was all good, so I started thinking about key rotation.

Eventually I realised that the only reason for this was to make accounts portable while maintaining the identity, without the user having to own the key:

In a world where people own their keys, the fact that the top rotationKey is changeable means that if a user loses their key but still has their pds password, they can recover their identity. In return, the user allows the pds to edit their identity. The only way to recover from an unwanted edit is maintaining access to the user key, and noticing within 72 hours. If the user loses their key, the pds has full control of the identity, and there's no reason to assume it will behave well.

This means that once the user loses their key, their identity can no longer be trusted. If their identity can no longer be trusted, shouldn't they get a new one? And if they do maintain access to a well-behaved pds, they could use a mastodon-like follower forwarding mechanism.

But if we accept that the top rotationKey doesn't need to be changeable, then the pds doesn't need to sign things at all, because if you have access to the key you can just sign the thing yourself.

However, if we don't believe that most users will be able to keep their keys, then not only can we start justifying account recovery at the cost of complete trust in a pds, but we also start thinking about users not owning their keys at all, and I believe this is the main reason key rotation seems to be a requirement for the Bluesky team.

While it's a sad conclusion to come to (and I kind of hope I'm wrong?), I can understand it. I do think that getting end users to own and store their keys is a huge challenge and possibly impossible. So something like PLC is probably a good idea as a default.

However, I can't help but wonder why a decentralised did method can't be accepted as a non-default alternative for people who are aware of the implications (lose your key, lose your identity), when did:web is fine, which has similar implications (lose your domain, lose your identity).

It would be really cool to hear more of your thoughts!

[apatrida]

See:

#2705 (reply in thread)

talking about did:webvh and did:dht (based on what you mentioned above)