macgirvin

macgirvin at

> Also, I think Zot nomadic identities uses a public key as user identifier.

Indirectly. They use a generated id and the signature of the id; which you need to obtain the public key to verify. Once verified, the id and sig are hashed to create a local identifier which is the "proven identity" and is a convenient local reference for that identity. Even though it hashes to the same thing on different sites, we never trust another site's hash and fetch the key and verify it ourself and then only store the hash we have verified. 

Then we do essentially the same thing for location, which is stored separately from the identity, and is what makes it nomadic. You can pair any location with any identity, as long as the location was signed by that identity.

Christopher Allan Webber likes this.