
OneName – Distributed Identity Database using Namecoin - heliumcraft
https://www.onename.io/
======
bredren
[http://imgur.com/MDwlDSt](http://imgur.com/MDwlDSt)

How many and which usernames have been set aside by the dev team, and how were
the decisions made to offer them to select people?

~~~
ryan-c
Looks like they grabbed all one and two character names, plus a little over
600 others: [http://pastebin.com/gnLGmvXu](http://pastebin.com/gnLGmvXu)

~~~
ryan-c
It would have been nice if they're reserved names for namecoin devs, it looks
like someone grabbed u/khal who is not khal.

~~~
muneeb
Oh how do you know it's not the real khal?

~~~
ryan-c
The bitcoin address in the profile is also used by u/speedcore and he always
uses vanity addresses.

------
thomaszander
This service, and it seems by extension namecoin, raise some questions in my
mind.

It seems to me that you will very quickly run out of useful names and instead
get confusingly similar names. It gives the illusion of human-readable, but
its really not. Refer to xkcd 1279 for why this becomes an issue :)

The bitcoin integration is flawed; People don't have one wallet address, any
wallet can generate hundreds or thousands of addresses. Remember, there is no
message you can send with a bitcoin payment so what you are expected to do is
create a new bitcoin address for every payment you want made out to you.

What is with the limitation of only supporting 'a-z0-9' ? Swedes and Russians
would probably appreciate a much larger set of characters. Not to mention
Klingons!

~~~
rxl
Hey Thomas, thanks for your comments.

1) Every username system has some limitation on usernames. Look at Twitter.
There are 650 million twitter users, and all of them picked usernames in the
same global namespace. This demonstrates that using a global namespace is
quite doable.

2) You're right, people usually have multiple Bitcoin addresses and quite a
few people prefer to use different addresses for different transactions.
However, the protocol is extensible and is not limited to a single address. In
the future, the protocol will support a list of bitcoin addresses instead of a
single address. Further, you can use a hierarchical bitcoin address and direct
people to different addresses in the hierarchy. In that sense, the bitcoin
address listed is just a way to identify the tree of addresses the user owns.
Last, the protocol supports data to be linked to from the blockchain, so if
you want, you can have a next pointer lead to an API endpoint that returns a
different bitcoin address every time.

3) As far as supporting only [a-z0-9_], those are the characters that most
username systems support, including twitter. Some say this is due to the fact
that those are the only "word" characters. Also, using this set makes it more
difficult to confuse addresses. The domain name system has similar
restrictions for similar reasons. I know that international readability takes
a bit of a hit, but I'm sure we'll find ways to improve the experience. We're
all up for suggestions.

~~~
konklone
Don't underestimate how much work Twitter has to do with a global namespace.
Brand protection complaints and negotiation, conflict resolution, allowing
renames, allowing reuse of abandoned names...it's not trivial, and unlike the
Internet (where every registrar deals with a piece the userbase), they
centralize all that labor.

------
muneeb
Muneeb here, one of the devs of OneName. Just wanted to let everyone know that
we got way more load than we expected and had to fire up a lot of additional
namecoind servers. The new servers started coming online 1-2 hours back. So if
you registered between 11am and 3:30pm EST then your profile processing could
be delayed by a few extra hours. Sorry for the inconvenience, but firing up 10
extra namecoind servers while keeping the current setup from not choking was a
"fun" experience :D

I need my breakfast now

------
nicholasreed
I'm concerned that I get the following email after signup:

"P.S. The passphrase you wrote down earlier is the secret key that gives you
access to your username and profile. We don't have a copy of this key, so if
you lose it, your username will be lost forever. Just in case that happens,
though, we've created a backup code for you. When combined with our own backup
code, your secret key will be able to be recovered. Here it is: [redacted]"

I don't understand why the service is emailing out this key.

~~~
rxl
We don't have your private key, and so we have you write down a passphrase
that can derive the key (sha256(passphrase)). In addition, we have a last
resort mechanism to help you recover your private key if it ever gets lost. We
use shamir's secret sharing to split up the secret key, and send you a share.
The pk can only be reconstructed when both shares are combined. We have zero
information about your pk.

~~~
nicholasreed
Why email it to me though? If all you need to essentially recreate the private
key is this tidbit you've emailed me (plaintext, available to anyone), plus
the (potentially compromised) tidbit on your server... What am I missing?
Shamir's secret sharing doesn't help me if you already have access to all the
pieces (your email account and a hacked server).

~~~
derefr
I assume, by "they don't have it", they actually mean "they had it when you
input it into their sign-up form, kept it just long enough to put it into an
email, and then erased it."

------
cauterize
Are we supposed to use the generated Bitcoin address or supply our own? I
assumed supply my own, yet when the next step asks to write down the pass-
phrase I'm now unsure of it's intent.

~~~
muneeb
You should use your own Bitcoin address (from coinbase, blockchain.info, or
Bitcoin client). We generate a default BTC address (using the same
passphrase/private-key) for people who don't already have bitcoin addresses.

~~~
troymc
I didn't have a pre-existing Bitcoin address; I signed up for a OneName
account mainly to claim the handle that I prefer to use online. I now have a
Bitcoin address, but is it just pretend? Or what? Perplexed.

~~~
rxl
You can get the private key for the bitcoin address we created for you by
calculating the sha256 of the passphrase you wrote down. We're working on
improving this process and in the mean time we'll clarify further. Thanks!

------
mediocregopher
Just registered my name and I have to say I really like the whole process. It
was very smooth, and I like the way it looks and the potential it has.

Is there any way this can be a truly open-source project? Right now the
"protocol" is open, but if wanted to host my own front-end for me and friends
then I'm out of luck.

~~~
reedlaw
It's just a pretty front end for a namecoin blockchain explorer. You can
certainly create your own or use this one:
[https://dotbit.me/block_explorer/name/u/cshrem](https://dotbit.me/block_explorer/name/u/cshrem)

~~~
mediocregopher
It's more than that. It's an extremely easy to use frontend. For instance,
that link you posted doesn't have any way to see the JSON form of the profile.
It also doesn't do any of the fanciness you mentioned below with joining
together split up profiles that you mentioned in a comment earlier. More than
that, this space needs some sort of de-facto standard for the protocol, and
yours is as simple as any else.

Here's the use-case I'm thinking of. I want to create an in-browser pgp-
messager using pgp keys that are on the nmc blockchain. If the onename
"protocol" became ubiquitous this would be more or less trivial. A simple
webpage with a "username" field and a "message" field. Javascript fetches the
public key listed in the profile and encrypts the message (ignoring potential
issues with using javascript for encryption).

That would be awesome, and there would be a million other applications
besides. The problem is "onename.io" is a central point, both for failure and
attack. If others could run this same pretty frontend, then there could be
third field on that page for "onename endpoint", which would default to
"onename.io" but could be anything. I could have my own personal instance, my
employer could run one, my ISP for my neighborhood, etc... Farther down the
line it could even be something built into a browser or OS, where you can
specify custom default endpoints just like you do with DNS.

I don't really have any say with what you've created, it's your thing and you
do with it as you see fit. But in my opinion your "pretty front end" is the
best one so far, and I think could actually have appeal outside of crypto-
geek-world. You just need to open-source it :P

~~~
rxl
Hey, thanks for the feedback!

I love your pgp-messenger idea - you should do it!

And you're right - the pretty front end is a big component. Two things, though
- 1) we're working on open sourcing the profile crawler 2) it shouldn't be
that difficult to roll your own pretty front end.

------
rjsamson
Cool, but how do I update my profile after creating it? I don't see any way to
log back in again?

~~~
rxl
We're working on a profile updating tool for the typical user and should have
it out in the next couple of days.

In the meantime, if you're somewhat tech savvy, you can update your profile as
follows:

1) download/install Namecoin-Qt or Namecoind

2) use the OneName profile builder and grab the JSON

3) calculate your WIF formatted private key from the passphrase (just a sha256
then a conversion to base58check - you can use
[https://github.com/halfmoonlabs/coinkit](https://github.com/halfmoonlabs/coinkit)
for that)

4) import your WIF into your namecoin client (you should now see the username
in your possession)

5) perform a "name update" operation with the new JSON profile data

------
rakoo
Why not use and extend the id/ [0] namespace ?

[0]
[https://wiki.namecoin.info/index.php?title=Identity](https://wiki.namecoin.info/index.php?title=Identity)

~~~
Encase
"we looked into "id/", but for various reasons decided to go with an entirely
new namespace. "id/" has been subject to a lot of name squatting, and we
believe that by starting anew, we can provide a better experience for users."

Source :
[http://www.reddit.com/r/Bitcoin/comments/201g66/onename_the_...](http://www.reddit.com/r/Bitcoin/comments/201g66/onename_the_decentralized_identity_system_for/cfyzpzd?context=3)

~~~
nezza-_-
By namesquatting names yourself? I'm getting the "This OneName username is
reserved for..." message too.

------
ramayac
Any other crypto currency on the road? Like Dogecoins?

~~~
rxl
Yes, we want to support Dogecoin soon. One simple thing we need, though, is an
icon similar to the fontawesome bitcoin icon.

~~~
crisnoble
You mean something like this?

[http://thenounproject.com/term/dogecoin/36264/](http://thenounproject.com/term/dogecoin/36264/)

------
aaron-lebo
Okay, so is this just for payments, or is there a way this could serve as a
way to login to different websites like Persona, oauth, or similar systems?

Do different namespaces exist? DNS at least gives a ton of different options,
so if a top-level domain you like is taken, you just use .net, .org, etc.

The global namespace seems like it might get crowded really fast. How to
prevent that?

~~~
rxl
A login system is definitely on the roadmap! We just decided to focus on the
initial usecase of bitcoin payments.

You're right, the global namespace very well might get crowded, but we'll see
how it plays out.

~~~
antocv
You should consider cities or regions as namespaces and not countries like
tld, because as you see with Ukraine, Kosovo etc they change. Birthcity or
village remains through generations. Language is also very crowded, names just
arent unique.

~~~
icebraining
I don't want my identity tied to my city or region. I might not want to give
out my birth city, or I may simply not identify with it anymore.

Forced namespacing is just a poor solution. Users can add whatever namespaces
they want to their own username if they want to, after all, it's just a
string.

------
Encase
What is the process for taking the passphrase generated on the website, to
being able to import it into the Namecoin-qt client?

~~~
rxl
We need to be clearer with this so apologies for the confusion. Calculate the
sha256 of the passphrase to get the namecoin private key (in hex form). Then
import the pk into namecoind or namecoin-qt with importprivkey.

~~~
Encase
Thanks for the response mate, I did try this but perhaps I made a mistake with
spelling.

For everyones reference however, should we include the spaces when applying
the sha256, or should it be one continuous string which we hash.

eg. sha256("police helicopter apple") or sha256("policehelicopterapple")

~~~
rxl
Include the spaces. Exactly as it appeared.

~~~
Encase
Thanks for the clarification, though I'm a tiny bit confused.

Using my passphrase, I can successfully generate a sha256 and then import my
bitcoin client, which then provides the same bitcoin public address as shown
on my profile (I left it as the default on profile creation).

This shows that I have calculated the hash on the correct passphrase (no
errors). However when importing the same key into namecoin-qt I'm getting
"Invalid private key (code -5)".

Am I doing something fundamentally wrong, the key should be able to be
imported into both -qt clients right? One for the ownership of the bitcoin
address and the other for ownership and management of the u/name. I'm
determined to get my head around this

Edit:

Ok it looks like Armory will happily accept the 64 long private key, but
namecoin-qt seems to prefer the 51 long keys. Perhaps in 'wallet import
format'. No error anymore, still trying to determine if its worked though.

~~~
rxl
Yes, when importing the private key into Namecoin-Qt, it needs to be in wallet
import format. Make sure it's a Namecoin WIF, though. You might find this
library helpful:
[https://github.com/halfmoonlabs/coinkit](https://github.com/halfmoonlabs/coinkit).

------
wyager
Wow. Very nice! This is _exactly_ what namecoin needs to see widespread usage.
It really is a very useful system.

~~~
muneeb
this is precisely my point, we love namecoin but it needs better
uses/applications of the key-value interface it exposes

------
ryan-c
Your code is leaking data into the i/ namespace - is this a bug?

~~~
rxl
No this is a feature. Big profiles (larger than 519 bytes) are chunked into
multiple key-value entries in the blockchain. The "head" chunk has a next
pointer to the next chunk and so on. The head chunk's key is the username, in
the "u/" namespace. We didn't want to polute the u/ namespace with follow on
chunks, so we just decided to go with "i/", but really the next pointer can go
to any key in the KV you want.

------
BillyParadise
OK, would be nice to change the pay-to address ;)

