what is the ID of the fusion identity?

Question

what is the ID of the fusion identity?

mixmix opened this issue 3 years ago · comments

is it:

the root message key?
- if yes, then why is the proposed format @sdafsdfsdf=.fusion-v1
is if the public part of a public/private keyPair that then gets used for DM'ing?
- if yes, how do we share the private part, and publish the public part?
- how do we cycle the dm keys? (do we need to?)

Anders Rune Jensen · Answer 1 · Mon Jul 26 2021 18:15:28 GMT+0800 (China Standard Time)

* the root message key?

no

* is if the public part of a public/private keyPair that then gets used for DM'ing?

yes

  * if yes, how do we share the private part, and publish the public part?

Private: https://github.com/ssb-ngi-pointer/fusion-identity-spec#entrust

Public: since all the messages except entrust is public and includes the public key, one should be able to figure out what fusion identities a ID is part of by reducing the state. Specifically init and consent and tombstone messages are important.

  * how do we cycle the dm keys? (do we need to?)

IIRC we decided not to do this as that would complicate the spec and you can always cycle keys by tombstoning and creating a new identity.

mix irving · Answer 2 · Tue Jul 27 2021 08:32:01 GMT+0800 (China Standard Time)

thanks for some of those reminders - hard trying to design two similar features in parallel

so we would have a thing like:

@sfsdfsdfs.....dfsdf=.fusion1
this could be used to look up a root messageId, then reduce the tangle to see who's involved (if you want)
if you put this in recps then you know to use this as a dm key
- doesn't require looking anything up from key-store, just go straight to DH-key with appropriate key-scheme