Sound will make this fun

It would be nice to create a standard class with standard methods to allow for easy adding of social proof published sites.

So, extract out the Gist code and reddit code and make a standard class that can be implemented for additional sources of proofs.

I imagine the interface implements something like:

• getRawData(url)
• extractProof(rawData)

Then the proof can just be handled generically

Using browserify-level, create an API for storage and retrieval of proofs

I've came across this project and we, at the IPFS DDC working group, will be doing something very similar. To give you some context, the IPFS DDC works towards offering libraries for developers to build DApps. Having an Identity solution is something we have been researching in the past few months. We have actually made a RFC for people to read and give feedback: https://github.com/ipfs-shipyard/peer-star/blob/rfc-identity/docs/rfc-identity.md (PR here). The RFC culminates with the proposal of creating the IDM (Identity Manager):

• Allows to create/import identities
• Allows managing identities, including attaching social proofs to them
• Allows typical login workflows for users to login to DApps by choosing one identity
• Allow signing workflows between the DApps and the logged in identity
• Embraces open standards, such as DIDs, DID-Auth and Verifiable Claims

I would kindly ask you to read the RFC and comment on the project similarities/differences.
Also, have you looked into https://github.com/jonnycrunch/ipid? It's a DID method implemented on top of IPFS.

There's a lot of similarities between this project and IDM. I wonder if we could exchange ideas and perhaps even share code. Looking forward to see where this project is going and how we could collaborate!

edit Looks like a lot of this issue is confusion of key types and not understanding all formats

I have spent a little bit of time figuring out the round trip of RSAPubKey -> Uint8Array -> 'base64' string.

For whatever reason, when TextEncoder - and pretty much all of the base64 -> Uint8Array Array libraries I have found on npm, the returned Uint8Array has the wrong prototype (TypedArray) or the Uint8Array is too short (288 vs 299 length).

I kind of think there is a base64 encoder/ decoder inside IPFS code somewhere, I just have not found it yet.

In the mean time I have declared the public keys as Dehydrated Public Keys and they are merely created like this: plaintext = JSON.stringify([Uint8Array] rsaKeyBytes)

This way we can not test the network connectivity live in the test and we will avoid false test failures over weird async behavior.

each peer can create new channels for peers to subscribe to

The channel names should be unique hashes - the channels can be advertised to followers perhaps?

A channel's meta data should resemble the metadata of a newsgroup or subreddit:

{
  name: 'My Discussion Forum',
  id: 'Qmhash-unique-id-ofsomekind',
  description: 'Blah blah blah'
  'locale': 'na' // en-uk, de-de, etc 
}

Syncing the log of post hashes needs to be worked out, but I imagine each post could include the previous post ipns hash and the original ipns hash so clients could potentially re-create the history (albeit slowly)... I have yet to look into CRDT code like orbit-db, etc

Like #8 we need to break this code up - it is a POC as of now, but will be better to work with is multiple components

The full proof is saved to IPFS but not saved to the local database after saveToIPFS() is called

depends on #10 - still need to expose API that PEM-encodes the signature

Must put PEM-encoded signature into the proof and PEM-encoded public key

When verifying the proof, must convert PEM to RSA pub key and PEM signature to buffer / bytes

There is a test for signature verification in test/index.js, but a full on test suite needs to be created at least for the code in src/index.js

Need to be able to delete a proof from leveldb and if pinned, remove the pin

use case: a new peer subscribes to the IPFS_SOCIAL_PROOF topic and should immediately broadcast its identity information: pubkey, handle, etc.

see: https://github.com/IBM/ipfs-social-proof/blob/master/src/index.js#L93

Peers should update the peer list.

It may also be handy to keep track of peers in level-db: peerHash, firstSeen, lastSeen, currentHandle, etc

Not sure why, but copy to clipboard in the proofs tab fires multiple times

Right now all the code is one module, this is not going to scale with development

The level db is no doubt great for binary data, but is too much trouble for application JSON docs.

#11

and https://github.com/IBM/ipfs-social-proof/blob/following-peers-persistence/src/db.js

It is not enough to just just a peer's locally stored proofs (this is fine for the POC) - we need to pull down a remote proof json doc, validate what HTTPS url it came from (github, reddit, etc) and verify the signature on the fly.

In the client this would be run every time a user examines the 'publicKeyCard' of a peer. I know Keybase does this as you see the verification icons chnage state when looking at another user's profile.

A proofs class that mints proofs as a more "standard" JSON format, with a version and a JSON schema to validate them is a pretty good idea

For context, I'm referring to the Decentralized Identifiers (DIDs) spec. https://w3c-ccg.github.io/did-spec/

Probably a bit early, but I think it's worth mentioning: would be great if this could be defined as a formal DID method.

I would be glad to help make this happen.

One example of a DID method: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/topics-and-advance-readings/DID-Method-erc725.md

Current list of DID methods: https://w3c-ccg.github.io/did-method-registry/

Pull proofs off of reddit urls

use reddit API to check username validity, grab proof data, validate and verify

For now, this is Reddit and Github. This is mainly a UI issue in the Proof Component

When peer joined is triggered, we immediately update the profile in the peers view with the generic IPFS peerId, sometimes the peer broadcast to the room takes a bit to update the peer with handle, etc.

We should check our local contactsDB for the peerId and use the cached data to update the peers UI.

Also, we should look for handle / bio / etc changes and upsert our contactsDB as we see these changes.

The follow button logic is flawed. Need to make sure a default state is displayed

Also, see: https://eslint.org/docs/rules/no-return-await

Error: {"status":409,"name":"conflict","message":"Document update conflict"}

Not sure what is going on see: test/db.spec.js

PLAN.md is a stream-of-consciousness-like document - it needs to be re-organized and updated with the latest thoughts and completed tasks.

• Improve Identity view layout
• Create es6 class-based yo-yo component like: https://github.com/IBM/ipfs-social-proof/blob/master/client/components/public-key-card.js

Need to track down the errant record written into proofsDB that appears to just be the revision record, not the actual proof record.

expose async pin api: add, rm and ls