Add full support for pgp/gpg proofs in profiles

[larrysalibra]

Let's a discussion around adding first-class support for pgp key proofs in Blockstack ID profiles

[vsund]

The standard approach for this would be to require people to sign the "My Blockstack ID is xyz" statement and then put the signature of this into the profile.
This would need two things:

• Fetching the corresponding key from its source (since only the fingerprint and a link is in the profile)
  • (the fingerprint should have a minimum required length)
• Then verifying whether the signature is correct

Such a process of verifying key ownership would be possible for other keys too (Bitcoin, Altcoins, SSH, etc).

This might have some security implications which we should discuss before implementing it: Proofs like the Twitter one has always some way of revoking it. For example if someone hijacks your account (or you decide to delete it), you're in the position of deleting the proof tweet and you're fine.
With putting the signature into your profile, you have no such possibility. Proofs might be in some caches or offline storage.
This isn't a big problem when you key gets into somebody's hands, but you might lose it or decide that you'd like to revoke the proof. Another problem: Names expire. So if you don't renew the name, the next owner might be in the position to copy your proof into his profile.

Is this a problem and should we solve it? Or is this a design flaw in the underlying system (simple signature checking as ownership proof)?

[vsund]

A possible solution would be to include a block height until the signature should count as valid. For example "My Blockstack ID is xyz, at least before block 123". The default block height would be the expiry block of the corresponding ID, or on behalf of the user likes less/more.

The user would have to re-sign this statement once in a while, but it would solve most of these problems.

[larrysalibra]

Another problem: Names expire. So if you don't renew the name, the next owner might be in the position to copy your proof into his profile.

The signed message should include the identity address, not the name. This avoids the name expires problem.

This isn't a big problem when you key gets into somebody's hands, but you might lose it or decide that you'd like to revoke the proof.

To revoke it, you can remove it from your profile. For a proof to be valid it needs to have a valid signature and be in your profile.

[larrysalibra]

Currently a PGP key entry in the profile accounts array looks like this:

{
              "contentUrl": "http://pgp.mit.edu/pks/lookup?op=get&search=0xDE3B5425164C4849",
              "identifier": "B516CB7A08819697B25E4694DE3B5425164C4849",
              "role": "key",
              "@type": "Account",
              "service": "pgp",
              "placeholder": false
}

We can add a signed message to the above object that is the same as the message we use on social media account proofs to it and add support to the validateProofs method for verifying the proof.

As part of this issue we want to:

1. define and document the changes that need to be made to the pgp key account object so that it can store a signed message proof
2. add support to validateProofs for verifying the proof

Changes for this issue should have corresponding tests and should have flow type declarations.

Once support for verifying proofs is added to blockstack.js, we can add support to the browser for adding them. (out of scope for this issue).

[vsund]

{
    "@type": "Account",
    "placeholder": false,
    "service": "pgp",
    "identifier": "0x52d1150ba2da8056fac219cca1aade57842a21a3",
    "proofType": "http",
    "proofUrl": ""
}

My account looks a bit different (and if I remember correctly it was created with the latest browser version?).
If this is correct, we could simply add a proofUrl to some file in Gaia. Another option would be to store it inline, not yet sure about pros/cons. What do you think?

[larrysalibra]

Still looking for help on this.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed. Please reopen if needed.