TokenScript Weekly meeting #36

Agenda:

1. Question: naming: cheque, magic link, Attestation?

Attestation:

        a signed message where the data object (signedInfo) is
        attested by the signer.

        Compared with SSL Certificate: only the subject is attested to.

        e.g. SignedInfo in an exaple certificate:

        rdn (subject) is cn=www.alphwallet.com
        cn: www.aphawallet.com
        o: AlphaWallet Pty Ltd
        c: AU
        st: NSW
        l: Sydney
        ou: Mobile Appp
        email: support@alphawallet.com

Cheque:

        a signed message that containes a promise from the
        signer, etiher a promise-to-pay, or promise-to-deliver,
        with conditions.

MagicLink:

       is an encoding method. (to encode a cheque or an attestation)


2. Component list for Alice-send-ether-to-Bob-by-identifier story.

First project:

Bob:

cards:

- signing request card
- attestation token card
- attestation prove/login card

websites:

- attestor (http://attestation.id)
- alphawallet (http://alphawallet.com)

TokenScript

- the tokenscript file for "Email Attestation"


Second Project

Alice:

Cards:

- Cheque creation card (promise to pay 1 ether -> share magic link)
- Activity for the Cheque (might have action like cancel the cheque)
- Redeem card (for the cheque to run on Bob's mobile)
- Redeem Activity

Smart Contract:

- A smart contract that can redeem the cheque (check protocol)
  (Downside: she can't canel the cheque on another device)

Boon asked: are attestations backed up?

some are (cheques are, attestations to FIFA ticket are)
some are not (email identifier attestation is not)

Reason for some keys not backedup:

You need to think from the perspective of an adversary. Let's not
make this too long but let's say:

1. an adversary acquire an email attestation on his email
address. This attestation and owner is legit at this
moment. Let's say the email address has value, i.e. it's one that
ends with .edu (which allows you to get educational rebate or
discount).

2. he copies and pass the key and the attestation to 100 people
so that they can login to a website with educational rebate
option.

3. at this point, the website doesn't know for sure if the
visitor is the adversary or one of the 100 buyers of the copies.

------------

3. Review Sangalli problem (we have no solution so far).