# DID PLC Registry on CKB (Draft)

## Metadata

**Status**:: #x
**Zettel**:: #zettel/fleeting
**Created**:: [[2025-04-29]]
**Notion**:: [notion.so](https://www.notion.so/cryptape/did-plc-registry-on-CKB-1e48f0d3781e800d9511e66d35cb5d32?pvs=4)

## Synopsis

[did:plc Specification v0.1](https://web.plc.directory/spec/v0.1/did-plc)

- Contract
  - type script: ensures the DID workflow (creation/update/deactivation) is correct
  - lock script: ensures the operation is signed by one of the rotation keys
- API
  - Given a `did:plc` identifier, render the DID document in JSON
    - GET https://plc.directory/:did
    - GET https://plc.directory/:did/data
  - Accept a `did:plc` operation, convert it to a CKB transaction and send it to the chain.
    - POST https://plc.directory/:did
  - Audit log
    - GET https://plc.directory/:did/log/audit

## Design Decisions

- Save the unsigned operation object, encoded as DAG-CBOR, in the cell data.
- Type script args start with the `did:plc` identifier to ease DID resolution via CKB Indexer RPC.
- Lock script and args must be the same as the type script on the same cell.
- Do not support deleting a `did:plc` cell, even after deactivation.
- Do not support rotation key priority in the first version.
- Support `secp256k1` keys only.

## Future Works

- Support rotation key priority:
  > The PLC server provides a 72hr window during which a higher authority rotation key can “rewrite” history, clobbering any operations (or chain of operations) signed by a lower-authority rotation key.
- Support p256 keys.
- Improve privacy by hiding the rotation keys from the operation logs. Users can submit the Merkle tree root hash of the rotation keys.
- A reproducible build is essential so domain experts can review the code and increase trust in the deployed contract. If all users trust a single did:plc identifier, adoption becomes much simpler.

## Potential Obstacles

- Read `DAG-CBOR` data in the contract
  - Write the `DAG-CBOR` parser first
- Corner cases to comply with the specification.
  - Make it work first
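
For the `DAG-CBOR` parser listed under Potential Obstacles, here is an added Python reference model of a strict decoder (not the contract's code and not from the did:plc project). It rejects the corner cases a verifier has to refuse: indefinite lengths, non-minimal heads, map keys that are non-string, unsorted or duplicated, and trailing bytes. Assumptions: operations need no tag 42 links or floats, nesting is capped at 16, all names are hypothetical, and `SAMPLE` is constructed bytes for `{"prev": null, "type": "plc_operation"}`.

```python
def _check(ok, msg):
    if not ok:
        raise ValueError(msg)

def _head(buf, pos):  # one CBOR head -> (major type, argument, next position)
    _check(pos < len(buf), "truncated input")
    major, info, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if info < 24:
        return major, info, pos
    _check(info <= 27, "indefinite length or reserved head")
    size = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes
    arg = int.from_bytes(buf[pos:pos + size], "big")
    _check(pos + size <= len(buf), "truncated input")
    _check(arg >= (24 if size == 1 else 1 << (4 * size)), "non-minimal encoding")
    return major, arg, pos + size

def _item(buf, pos, depth=0):  # one data item -> (value, next position)
    _check(depth <= 16, "nesting too deep")  # assumed bound, not from the spec
    major, arg, pos = _head(buf, pos)
    if major < 2:  # unsigned or negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string or text string (strict UTF-8)
        raw = bytes(buf[pos:pos + arg])
        _check(len(raw) == arg, "truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:  # array
        items = []
        for _ in range(arg):
            value, pos = _item(buf, pos, depth + 1)
            items.append(value)
        return items, pos
    if major == 5:  # map: text keys, sorted by length then bytes, no repeats
        out, last = {}, (-1, b"")
        for _ in range(arg):
            key, pos = _item(buf, pos, depth + 1)
            _check(isinstance(key, str), "map key is not a text string")
            order = (len(key.encode()), key.encode())
            _check(order > last, "map keys unsorted or duplicated")
            out[key], pos = _item(buf, pos, depth + 1)
            last = order
        return out, pos
    _check(major == 7 and arg in (20, 21, 22), "tag, float or other simple value")
    return (False, True, None)[arg - 20], pos

def decode(buf):  # exactly one canonical item spanning all of buf
    value, pos = _item(buf, 0)
    _check(pos == len(buf), "trailing bytes after top-level item")
    return value

SAMPLE = b"\xa2\x64prev\xf6\x64type\x6dplc_operation"  # constructed, not a real operation
```

Because the canonical form is unique, bytes that pass `decode` are the same bytes any other implementation would produce when re-encoding the decoded operation.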