<h1 id="ucan">UCAN<a aria-hidden="true" class="anchor-heading icon-link" href="#ucan"></a></h1>
<ul>
<li>url: <a href="https://ucan.xyz/">https://ucan.xyz/</a></li>
<li>repo: <a href="https://github.com/ucan-wg">https://github.com/ucan-wg</a></li>
<li>created_by: <a href="/wiki/notes/l5q3vm57bgrb4095uiqftig">Fission</a></li>
<li><a href="/wiki/notes/CQG6U3B2joEWhnXaD2AYX">hasImplementation</a> 
<ul>
<li><a href="/wiki/notes/u9du3ro2al7vsk6pybvkoh9">Noosphere</a></li>
</ul>
</li>
<li>description: distributed authorization for offline-first apps and distributed systems</li>
</ul>
<h2 id="faq">FAQ<a aria-hidden="true" class="anchor-heading icon-link" href="#faq"></a></h2>
<h3 id="is-ucan-secure-against-person-in-the-middle-attacks">Is UCAN secure against person-in-the-middle attacks?<a aria-hidden="true" class="anchor-heading icon-link" href="#is-ucan-secure-against-person-in-the-middle-attacks"></a></h3>
<p>UCAN does not have any special protection against person-in-the-middle (PITM) attacks.</p>
<p>Were a PITM attack successfully performed on a UCAN delegation, the proof chain would contain the attacker's DID(s). It is possible to detect this scenario and revoke the relevant UCAN but does require special inspection of the topmost iss field to check if it is the expected DID. Therefore, it is strongly RECOMMENDED to only delegate UCANs to agents that are both trusted and authenticated and over secure channels.</p>
<h2 id="references">References<a aria-hidden="true" class="anchor-heading icon-link" href="#references"></a></h2>
<ul>
<li><a href="/wiki/notes/fa1vqnpp2eze4kmn3htnto2">Capability Myths Demolished</a></li>
</ul>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/wiki/notes/i4p215c2oh7rz0x9cjxsjab">Fission</a></li>
<li><a href="/wiki/notes/u9du3ro2al7vsk6pybvkoh9">Noosphere</a></li>
</ul>

Is UCAN secure against person-in-the-middle attacks?

UCAN

public-notes


Welcome! And beware!  

## Purpose

This vault is the "[[learning-in-public|ar.swyx.learn-in-public]]" part of my Second Brain. If you share some of my interests, please [reach out](https://djradon.github.io)! 

## Contents

- [[t]] my personal wikipedia
- [[idea]] (not necessarily mine)
- Resource Notes, including highlights, thoughts and metadata, for various things:
  - [[ar]] mostly articles, papers and web pages
  - [[book]]
  - [[community]]
  - [[course]]
  - [[event]]
  - [[game]]
  - [[loc]]
  - [[org]]
  - [[user]] 
  - [[prdct]] mostly software products, but also ontologies
  - [[recipe]]
  - [[video]] movies, tv episodes, youtube, etc
- [[vs]]
- [[wanted]]
- Some "Metadata Notes":
  - [[tags]] which may refer to any and multiple (or none) of the above
  - [[c]]: ways to categorize resources
  - [[p]]: ways to assert things about resources (mostly abandoned)

In terms of the [[t.km.zettelkasten]] method, this wiki is a commingling of literature notes with something @Sönke-Ahrens warned about: a "personal Wikipedia or a database" [^1]. 

In terms of [[t.tm.getting-things-done]], it's references, someday-maybe, next actions, and public projects.

## Beware!

This is a cluttered cupboard of jumbled jottings riddled with inaccuracies, confusion, and mistakes.

## What This Is Not

- evergreen-notes/digital-garden: for "synthesized" / original-ish publishable big-idea notes that should evolve over time, props to @andy-matuschak and @maggie-appleton
- blog: for "point-in-time" items to be shared: personal news, articles, etc.
  - e.g., [[ar.substack.carpe-noctem]]


[^1]: [[book.how-to-take-smart-notes]]  