Login with Handshake
Tieshun Roquerre
You can implement decentralized logins using Handshake names. There are many potential implementations, but here's one: say I have tieshun/ on Handshake (I do). I can generate a pgp key and pin the fingerprint to tieshun/ on-chain as a TXT record while storing the private key in a chrome extension. When I visit a website the website can authenticate I am tieshun/ by asking the chrome extension to sign an arbitrary message, which the website can then trustlessly verify against the pinned key.
There are a lot of amazing use-cases this tool can enable. Outside of sovereign identity, it would also enable shared login across decentralized applications, such as a decentralized Reddit where each subreddit is a separate server controlled by the subreddit's maintainers.
Fernando Falci
What about login using the HNS address instead pgp key?
You could store the address in the TXT as well
Tieshun Roquerre
Fernando Falci: sure you can do that too. You can technically sign with a BTC or ETH address too. I think it's better to have a separation of concerns and use a separate key for logging in, though I'm curious what benefits you see in using wallet addresses for this purpose
Fernando Falci
Tieshun Roquerre: using a HNS address avoids adding an external dependency. Also, since you can generate multiples address with the same private key, they would be like different personas.
On top of that, any app that uses address as login, could add features for tipping the users. "Do you like this comment? Click here and tip 1 HNS"
Fernando Falci
Just to update: after some reflection, HNS address seems a bit risk.
If we use an address to login, we should never send coins to this address (which invalidated the tipping idea).
Instead, we could use an ECDSA.
To proceed with this idea, we should first create an HIP (https://github.com/handshake-org/HIPs)
WDYT?
Fernando Falci
Hey!
I start a small project, trying to solve this: http://auth.sinpapeles/
I'd love some feedback :)