DIDs as URLs will be needed for a decentralized web, but I have some concerning doubts about ION.
1. ION uses IPFS. Nostr 2.0 will replace IPFS for off-chain data storage. IPFS is clunky software that forces users to spin up a node to verify data, killing the user-server model that we're trying to decentralize with Nostr. Proof of this requirement in IPFS is in the quote below.
https://decrypt.co/resources/how-to-use-ipfs-the-backbone-of-web3
โBrave gives you the option to access IPFS content through a public gateway or ๐ต๐ฉ๐ณ๐ฐ๐ถ๐จ๐ฉ ๐บ๐ฐ๐ถ๐ณ ๐ฐ๐ธ๐ฏ ๐ญ๐ฐ๐ค๐ข๐ญ ๐ฏ๐ฐ๐ฅ๐ฆโ๐ต๐ฉ๐ฆ ๐ญ๐ข๐ต๐ต๐ฆ๐ณ ๐ฐ๐ฑ๐ต๐ช๐ฐ๐ฏ ๐ช๐ด ๐ง๐ฐ๐ณ ๐ต๐ฉ๐ฐ๐ด๐ฆ ๐ธ๐ฉ๐ฐ ๐ธ๐ข๐ฏ๐ต ๐ต๐ฐ ๐ท๐ฆ๐ณ๐ช๐ง๐บ ๐ค๐ฐ๐ฏ๐ต๐ฆ๐ฏ๐ต ๐ญ๐ฐ๐ค๐ข๐ญ๐ญ๐บ.โ
In Nostr 2.0, user light wallets can verify data with on-chain Merkle proofs without needing to spin up an IPFS node or Nostr node. This advancement addresses some of the resource-intensiveness associated with IPFS and can help improve the user experience and scalability of decentralized web applications.
2. Light wallet users verifying a custom URL on ION doesn't seem as secure as light wallet users doing so via an ENS registry. To my knowledge, ION doesn't support custom domains yet; this might be why.๐๐งต
The ENS registry lets user light wallets verify the state of the on-chain domain registry smart contract with a Patricia-Merkle proof that prevents duplicate registration of domains. This way, light wallet users can't be tricked into resolving a domain to the wrong IP.
ION, on the other hand, verifies domains through a normal Merkle proof, but light wallet users can be tricked because an ION node could modify their ION software and deliver a Merkle proof to users showing a new on-chain registration of an already registered domain.
๐๐ฉ๐ฆ ๐๐๐ ๐ฏ๐ฐ๐ฅ๐ฆ ๐ค๐ฐ๐ถ๐ญ๐ฅ ๐ช๐จ๐ฏ๐ฐ๐ณ๐ฆ ๐ข ๐ฑ๐ณ๐ฆ๐ท๐ช๐ฐ๐ถ๐ด ๐ณ๐ฆ๐จ๐ช๐ด๐ต๐ณ๐ข๐ต๐ช๐ฐ๐ฏ ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ค๐ถ๐ด๐ต๐ฐ๐ฎ ๐ฅ๐ฐ๐ฎ๐ข๐ช๐ฏ, ๐ฏ๐ฐ๐ต ๐ฅ๐ฆ๐ญ๐ช๐ท๐ฆ๐ณ ๐ข ๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ฐ๐ง ๐ช๐ต ๐ต๐ฐ ๐ต๐ฉ๐ฆ ๐ถ๐ด๐ฆ๐ณ, ๐ข๐ฏ๐ฅ ๐ต๐ฉ๐ฆ ๐ญ๐ช๐จ๐ฉ๐ต ๐ธ๐ข๐ญ๐ญ๐ฆ๐ต ๐ถ๐ด๐ฆ๐ณ ๐ธ๐ฐ๐ถ๐ญ๐ฅ ๐ฏ๐ฆ๐ท๐ฆ๐ณ ๐ฌ๐ฏ๐ฐ๐ธ. ๐๐ช๐ฏ๐ค๐ฆ ๐ญ๐ช๐จ๐ฉ๐ต ๐ธ๐ข๐ญ๐ญ๐ฆ๐ต ๐ถ๐ด๐ฆ๐ณ๐ด ๐ฅ๐ฐ๐ฏ'๐ต ๐ฉ๐ข๐ท๐ฆ ๐ข ๐๐ข๐ต๐ณ๐ช๐ค๐ช๐ข-๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ต๐ฐ ๐ท๐ฆ๐ณ๐ช๐ง๐บ ๐ต๐ฉ๐ฆ ๐ด๐ต๐ข๐ต๐ฆ ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ณ๐ฆ๐จ๐ช๐ด๐ต๐ณ๐บ, ๐ต๐ฉ๐ฆ๐บ'๐ณ๐ฆ ๐ซ๐ถ๐ด๐ต ๐ณ๐ฆ๐ญ๐บ๐ช๐ฏ๐จ ๐ฐ๐ฏ ๐ต๐ฉ๐ฆ ๐ง๐ข๐ค๐ต ๐ต๐ฉ๐ข๐ต ๐ต๐ฉ๐ฆ ๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ณ๐ฐ๐ฐ๐ต ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ช๐ด ๐ฐ๐ฏ-๐ค๐ฉ๐ข๐ช๐ฏ ๐ง๐ฐ๐ณ ๐ต๐ฉ๐ฆ๐ช๐ณ ๐ฅ๐ฐ๐ฎ๐ข๐ช๐ฏ ๐ท๐ฆ๐ณ๐ช๐ง๐ช๐ค๐ข๐ต๐ช๐ฐ๐ฏ โ ๐ต๐ฉ๐ข๐ต ๐ช๐ด๐ฏ'๐ต ๐ฆ๐ฏ๐ฐ๐ถ๐จ๐ฉ.
An ION node could deliver a valid Merkle proof showing the data is on-chain while omitting the previous registration. Since the user doesn't have the ability to verify if the registry rejected the domain registration entry in ION, it is vulnerable to this omission attack โ unlike the ENS registry, where light wallet users can verify if the ENS registry rejected the custom URL by checking the state of the ENS smart contract with Patricia-Merkle trees. Light wallet users don't have the luxury of a Patricia-Merkle tree in ION, so they don't get the same level of verification.
This is likely why ION does not support custom URLs.
The normal internet started with IP addresses, then custom domains came afterward. It seems like a wise route to follow for now, as current solutions for custom URLs on Bitcoin are inadequate. Bitcoin addresses will be our URLs for now, like IPs in the early '80s.
I'd appreciate anyone skilled in DID URLs responding moegrammer (npub1m0eโฆv88s) brockm (npub1hyqโฆk7cp) and proving me wrong if I am. ION is indeed complicated, and now I understand why fiatjaf (npub180cโฆh6w6) and jb55 (npub1xtsโฆkk5s) complain about it as a standard.
Colby / Colby Serpa ๐งฌ
npub1t8โฆra5h9
2023-03-16 22:44:28
in reply to nevent1qโฆ2lmm
Author Public Key
npub1t89vhkp66hz54kga4n635jwqdc977uc2crnuyddx7maznwfrpupqwra5h9Published at
2023-03-16 22:44:28Event JSON
{
"id": "5799463cb3a8e0e5ae04ada95dc02d990052a7f4fac36e4f1a3d3ccb04541772",
"pubkey": "59cacbd83ad5c54ad91dacf51a49c06e0bef730ac0e7c235a6f6fa29b9230f02",
"created_at": 1679006668,
"kind": 1,
"tags": [
[
"e",
"6e1828963340f8c865c863be2d7cb984f8eb43fe6ddad32b3ecf8f5846345810"
],
[
"p",
"dbf3d7c79a92995ccfb135997ac1612f41637c8a805be393204b3d1c2769d127"
],
[
"p",
"b9003833fabff271d0782e030be61b7ec38ce7d45a1b9a869fbdb34b9e2d2000"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
]
],
"content": "DIDs as URLs will be needed for a decentralized web, but I have some concerning doubts about ION.\n\n1. ION uses IPFS. Nostr 2.0 will replace IPFS for off-chain data storage. IPFS is clunky software that forces users to spin up a node to verify data, killing the user-server model that we're trying to decentralize with Nostr. Proof of this requirement in IPFS is in the quote below.\nhttps://decrypt.co/resources/how-to-use-ipfs-the-backbone-of-web3\n\nโBrave gives you the option to access IPFS content through a public gateway or ๐ต๐ฉ๐ณ๐ฐ๐ถ๐จ๐ฉ ๐บ๐ฐ๐ถ๐ณ ๐ฐ๐ธ๐ฏ ๐ญ๐ฐ๐ค๐ข๐ญ ๐ฏ๐ฐ๐ฅ๐ฆโ๐ต๐ฉ๐ฆ ๐ญ๐ข๐ต๐ต๐ฆ๐ณ ๐ฐ๐ฑ๐ต๐ช๐ฐ๐ฏ ๐ช๐ด ๐ง๐ฐ๐ณ ๐ต๐ฉ๐ฐ๐ด๐ฆ ๐ธ๐ฉ๐ฐ ๐ธ๐ข๐ฏ๐ต ๐ต๐ฐ ๐ท๐ฆ๐ณ๐ช๐ง๐บ ๐ค๐ฐ๐ฏ๐ต๐ฆ๐ฏ๐ต ๐ญ๐ฐ๐ค๐ข๐ญ๐ญ๐บ.โ\n\nIn Nostr 2.0, user light wallets can verify data with on-chain Merkle proofs without needing to spin up an IPFS node or Nostr node. This advancement addresses some of the resource-intensiveness associated with IPFS and can help improve the user experience and scalability of decentralized web applications.\n\n2. Light wallet users verifying a custom URL on ION doesn't seem as secure as light wallet users doing so via an ENS registry. To my knowledge, ION doesn't support custom domains yet; this might be why.๐๐งต\n\nThe ENS registry lets user light wallets verify the state of the on-chain domain registry smart contract with a Patricia-Merkle proof that prevents duplicate registration of domains. This way, light wallet users can't be tricked into resolving a domain to the wrong IP.\n\nION, on the other hand, verifies domains through a normal Merkle proof, but light wallet users can be tricked because an ION node could modify their ION software and deliver a Merkle proof to users showing a new on-chain registration of an already registered domain.\n\n๐๐ฉ๐ฆ ๐๐๐ ๐ฏ๐ฐ๐ฅ๐ฆ ๐ค๐ฐ๐ถ๐ญ๐ฅ ๐ช๐จ๐ฏ๐ฐ๐ณ๐ฆ ๐ข ๐ฑ๐ณ๐ฆ๐ท๐ช๐ฐ๐ถ๐ด ๐ณ๐ฆ๐จ๐ช๐ด๐ต๐ณ๐ข๐ต๐ช๐ฐ๐ฏ ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ค๐ถ๐ด๐ต๐ฐ๐ฎ ๐ฅ๐ฐ๐ฎ๐ข๐ช๐ฏ, ๐ฏ๐ฐ๐ต ๐ฅ๐ฆ๐ญ๐ช๐ท๐ฆ๐ณ ๐ข ๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ฐ๐ง ๐ช๐ต ๐ต๐ฐ ๐ต๐ฉ๐ฆ ๐ถ๐ด๐ฆ๐ณ, ๐ข๐ฏ๐ฅ ๐ต๐ฉ๐ฆ ๐ญ๐ช๐จ๐ฉ๐ต ๐ธ๐ข๐ญ๐ญ๐ฆ๐ต ๐ถ๐ด๐ฆ๐ณ ๐ธ๐ฐ๐ถ๐ญ๐ฅ ๐ฏ๐ฆ๐ท๐ฆ๐ณ ๐ฌ๐ฏ๐ฐ๐ธ. ๐๐ช๐ฏ๐ค๐ฆ ๐ญ๐ช๐จ๐ฉ๐ต ๐ธ๐ข๐ญ๐ญ๐ฆ๐ต ๐ถ๐ด๐ฆ๐ณ๐ด ๐ฅ๐ฐ๐ฏ'๐ต ๐ฉ๐ข๐ท๐ฆ ๐ข ๐๐ข๐ต๐ณ๐ช๐ค๐ช๐ข-๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ต๐ฐ ๐ท๐ฆ๐ณ๐ช๐ง๐บ ๐ต๐ฉ๐ฆ ๐ด๐ต๐ข๐ต๐ฆ ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ณ๐ฆ๐จ๐ช๐ด๐ต๐ณ๐บ, ๐ต๐ฉ๐ฆ๐บ'๐ณ๐ฆ ๐ซ๐ถ๐ด๐ต ๐ณ๐ฆ๐ญ๐บ๐ช๐ฏ๐จ ๐ฐ๐ฏ ๐ต๐ฉ๐ฆ ๐ง๐ข๐ค๐ต ๐ต๐ฉ๐ข๐ต ๐ต๐ฉ๐ฆ ๐๐ฆ๐ณ๐ฌ๐ญ๐ฆ ๐ณ๐ฐ๐ฐ๐ต ๐ฐ๐ง ๐ต๐ฉ๐ฆ ๐ฑ๐ณ๐ฐ๐ฐ๐ง ๐ช๐ด ๐ฐ๐ฏ-๐ค๐ฉ๐ข๐ช๐ฏ ๐ง๐ฐ๐ณ ๐ต๐ฉ๐ฆ๐ช๐ณ ๐ฅ๐ฐ๐ฎ๐ข๐ช๐ฏ ๐ท๐ฆ๐ณ๐ช๐ง๐ช๐ค๐ข๐ต๐ช๐ฐ๐ฏ โ ๐ต๐ฉ๐ข๐ต ๐ช๐ด๐ฏ'๐ต ๐ฆ๐ฏ๐ฐ๐ถ๐จ๐ฉ.\n\nAn ION node could deliver a valid Merkle proof showing the data is on-chain while omitting the previous registration. Since the user doesn't have the ability to verify if the registry rejected the domain registration entry in ION, it is vulnerable to this omission attack โ unlike the ENS registry, where light wallet users can verify if the ENS registry rejected the custom URL by checking the state of the ENS smart contract with Patricia-Merkle trees. Light wallet users don't have the luxury of a Patricia-Merkle tree in ION, so they don't get the same level of verification.\n\nThis is likely why ION does not support custom URLs.\n\nThe normal internet started with IP addresses, then custom domains came afterward. It seems like a wise route to follow for now, as current solutions for custom URLs on Bitcoin are inadequate. Bitcoin addresses will be our URLs for now, like IPs in the early '80s.\n\nI'd appreciate anyone skilled in DID URLs responding #[1] #[2] and proving me wrong if I am. ION is indeed complicated, and now I understand why #[3] and #[4] complain about it as a standard.",
"sig": "f9b3846e39014fbf4c161b6ad631b8c777beba0da3aa9949d83cf4a655781b66e51bd6d71ec410064548e4403894f064b22f930b21411f0dfbe586c88b4b56d9"
}