Will domains expire?

Right now domains are linked to accounts. What happens if a user forgets their secret and password? Is the domain lost forever?

Are there plans to incorporate expiries and safe network fees (it doesn’t have to be a large sum at all just enough that if people are no longer using them they free up to the world again)? This would also make a domain marketplace more attainable I imagine.

2 Likes

Yes, well not lost, just unable to be updated with new content.

Expiring domains could solve this, but it creates other problems - such as when you forget to renew and somebody can then impersonate you. In an autonomous network that’s an even bigger issue than where you can appeal to an authority to get your domain back.

A better approach would be to devise ways for people to reclaim their lost account, and this is planned, but not finalised.

For example, you could give a partial key to each of several people who you trust to look after it. If you lose access, you gather those partial keys together and use them to regain access.

5 Likes

You could be all of those several people. Different accounts.

2 Likes

I think many people would actually want a really simple way to recover lost account, at least read access, or perhaps write access with mandatory history/ledger being turned on in recovery cases, by giving a key to a trusted third party. In ways it kinda goes against the whole thing of keeping everything yourself, but if there was a way that you would be notified if that third party used the key and you had another key to revoke access in that case, it wouldn’t be too bad. With a solution like this it’s important that you’d be notified from the network what was accessed though.

This is a big problem with all kinds of data. People would lose their keys and then lose all the data all the time. It could give SAFE a reputation of being unsafe really. Relying on friends and family to take care of extra keys might still lead to people frequently misplacing keys/password written down or stored on some hardware device or whatever.

1 Like

Yeah I still think I’d prefer some sort of expiry mechanism…

If the “trusted third party” is selected by the user. Like a Gmail recovery account. Then: Yes.

Otherwise: The Worst. Because: That does go against everything the Safe Network is.

1 Like

Agreed. The thing is, with real freedom comes real responsibility.

2 Likes

I mean an optional thing selected by the user. Not everyone would want this, but I think many regular users would feel more safe with having a third party of their choice keeping some kind of recovery account, where the user at any time could choose to revoke the access permissions or recovery data from the third party and would be notified somehow if it was used.

Not everyone is up for keeping recovery access data in a hidden underground vault. There needs to be multiple options for ways to get back into an account if the user forgot the password, never remembered the password in the first place and only used a hardware wallet which was subsequently lost in a fire, etc etc.

This is the important part. The GUI could let them pick a friend. It MUST NOT suggest a third party who is not a friend.

1 Like

There’s another important point to recovering data or accounts, and that is that for some data you only care about read access and for other data mainly about write access.

If you have a public id/domain, it’s not likely a big issue if someone can read it, but you don’t want anyone else to write to it because they would be able to steal it. Same goes for safecoins.

For documents and things that would typically be stored as immutable data, write access doesn’t matter. Immutable data is write only anyway and sometimes you might have some mutable data with these characteristics as well.

So people might want to give different access for recovering data to different people. Perhaps you’d trust a bank to store a key to your money, but not your photos for example. One way for this kind of stuff might be to have apps have some options to set permissions for the data they write, so in a photo app you give permissions for the data map to someone, but then there’s the other issue of getting notified if they actually use the access in cases where you didn’t lose your access and didn’t want them to access anything.

I understand the motivation, and it’s a good one. But. You bring worst examples. Why would I elect bank as trusted other party?

Complicated. For: No reason. Lost key problem is already solved: Split your key among 5 friends. Any 3 can restore original key. Paranoid? First encrypt key with password only you know. Problem solved.

1 Like

You probably wouldn’t, but some would. Whoever is the third party is irrelevant however, it could be anyone really. Some might prefer a single party.

Perhaps splitting a key among 5 friends, where any 3 could restore it might be a good solution though. You would just write the public id of five people, they would get a message with their part of the key and as long as at least three of those people still have access to their SAFE accounts you would be able to restore your account. The five people shouldn’t know who the others are unless you notify them. To initiate recovery there could be something like a recover account button which would send a message to the five individuals, describing the situation and telling them to contact the account holder to check if the account really should be recovered, unless the account holder is dead.

[quote=“norimi, post:11, topic:21325”]
Paranoid? First encrypt key with password only you know. Problem solved.
[/quote]

The whole point is to be able to recover if you lose your password, so this kinda defeats the whole purpose.

I still think there’s a case to be made for having different ways of recovering accounts/passwords/keys whatever for data for writing (domains, safecoins) and reading (documents, pictures). Their security characteristics are not the same.

You can have a 25 character long random password.
No human can keep it in mind. No government can break it.

You encrypt it with a simple password you can remember.
Your almost trusted third parties have not enough resources to break it.

Makes sense?

This is the situation we just solved with encrypting the password before splitting it.

Now they can know each other.

Well, if the recovery is to be made in case of death or head trauma resulting in severe memory loss, then it could be a problem.

It’s legal situation. Needs legal solution:

  • Split password. Send them.
    Nobody knows the others.

  • Write a will. Include list of people.
    Leave it with official trusted third party.

When you die or incapacitated:

  • Lawyer notifies the people. Collects the parts.
  • Executes transaction as instructed in will.

Otherwise: How will your heir explain he or she suddenly millionaire?

If a person died, the people who have the recovery responsibility would know and would know that they in that case should reset password/recover account. Doesn’t have to be a lawyer.

The “will” could also be an app/smart contract that transfers certain MDs to specified new owners when activated by a number of signatures.

Other scenario: Heirs shooting each other for the money.
Involving unbiased third party is not because it is great entertainment.
But because: Less cleaning up of body parts.

Sounds good. Real situation may need more flexibility.

Sure, but that could still be up to the person who wants a recoverable account. That person could choose a lawyer, some company, one or more friends etc to be the ones needed to recover the account. It could be two friends and a lawyer, only a lawyer or heirs and a friend or whatever.

If there was a dispute later, then heirs could sue each other. The advantage would be in cases with no disputes, it would be automated instead of requiring paperwork.