Authentication using domain name

[Falci]

This HIP describe how to authenticate a user using his/her Handshake name.

[Falci]

I'd like to request a special attention to the Exposing the public key section. It's totally arbitrary

[zfogg]

this is awesome. do none of the commonly used .well-known/ services work for this? i'm surprised there isn't an ietf rfc that implements something like this already

[Falci]

I checked the Wikipedia list and the IANA list but I didn't spot anything that could be used instead.

[Falci]

What would you prefer?

1. web+hns://authentication/?challenge=<CHALLENGE>&callback=<CALLBACK>
2. web+authentication://<CHALLENGE>@<CALLBACK>
3. web+auth://<CHALLENGE>@<CALLBACK>
4. Other?

[zfogg]

@Falci I suppose if there's nothing particularly Handshake specific about the implementation, then other projects could implement it or be compatible with it as well; no need to include "hns" in the spec unless hns is actually required for it to work and it won't work without hns, you know? so the second option looks the best to me, although the third option is most aesthetically pleasing.
i say number 2!

[brandondees]

@Falci I vote definitely not the prefix for 1, as this scheme is orthogonal to HNS. i think there is prior art that would collide with 2 and 3 so maybe some more homework is in order before committing to the protocol handler side of it. assuming there's no conflict or confusion with other schemes, web+authentication is less ambiguous. i'm not sure about the @ which already implies email addresses and could be confusing. the query string format seems like it would be conventional and flexible. again, i'd suggest digging through all the existing standards for this type of scheme first to avoid conflicting approaches or re-discovering issues that have already been figured out by other teams.

i understand that there may be nothing already on the .well-known lists, but there are definitely tons of existing auth protocols including ones with challenge-response modes, redirect callbacks, and special protocol handler schemes, many of which could probably be informative for these design choices.

[Falci]

Just to keep track: this should be merged as HIP-0003

[Falci]

Does this HIP still make sense after the handshake-org/hsd/pull/609 ?

[pinheadmz]

@Falci I think so, it's different things. Users will likely want to store names on hardware wallets and name authentication may be a situation where they want to use a different set of keys, or rotate the keys more frequently, etc.

[NetOpWibby]

Is there a(n optional) way to use a hardware wallet as part of the authentication scheme?

[NetOpWibby]

Some grammar updates and removing gender.

[Falci]

I want to give this PR a new try. This is using DNS records now. Please, review and comment.