Do Decentralized Identifiers cover Decentralized PKI?


I am learning about Decentralized Identifiers (DIDs). The DID specification says that:

This architecture not only eliminates dependence on centralized registries for identifiers, but also on centralized certificate authorities for key management as is typical of hierarchical PKI (public key infrastructure). Instead each identity owner serves as its own root authority via its own DID record(s) on the shared ledger—an architecture called a DPKI (decentralized PKI).

As far as I understand, the two concepts (DIDs and DPKI) have some similarities. For example, both require a decentralized registry like a blockchain (or DLT). Also, both say that public keys should be controlled by the subject. So,

My question: Do Decentralized Identifiers cover Decentralized PKI? In other words, what are the differences or similarities between DIDs and DPKI?


There are 2 best solutions below


To my knowledge, there is not much work yet on standardizing DPKI.

Here are a few resources on the subject you may find valuable.

DIDs In DPKI (Decentralized Public-key Infrastructure)

This document seeks to act as a starting point to bridge the two worlds of DPKI (which appeared in the first RWOT) with DIDs (which appeared at the second RWOT).

The Sidetree Protocol: Scalable DPKI for Decentralized Identity

The Sidetree protocol is not itself a DID Method, it is a composition of code-level components that include deterministic processing logic, a content addressable storage abstraction, and state validation procedures that can be deployed atop Layer 1 decentralized ledger systems (e.g. public blockchains) to produce permissionless, Layer 2 DID networks. The protocol can be used to create distinct L2 DID networks on different chains by combining its core components with a chain-specific adapter, which handles reading and writing to the underlying L1. Almost all of Sidetree’s protocol implementation code remains the same regardless of the target L1 system it’s being applied to.

I think the real answer might be that focus has shifted from DPKI to DKMS

Decentralized Key Management

A decentralized key management system (DKMS) is an approach to cryptographic key management where there is no central authority. DKMS leverages the security, immutability, availability, and resiliency properties of distributed ledgers to provide highly scalable key distribution, verification, and recovery.

From that directory I find DKMS Design and Architecture V3 based on NIST SP 800-130

This decentralized web of trust model leverages the security, immutability, availability, and resiliency properties of distributed ledgers to provide highly scalable key distribution, verification, and recovery. This inversion of conventional public key infrastructure (PKI) into decentralized PKI (DPKI) removes centralized gatekeepers, making the benefits of PKI accessible to everyone.

Another important development in this area is KERI (Key Event Receipt Infrastructure).

Keri Design

The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. The indirect mode depends on witnessed key event receipt logs (KERL) as a secondary root-of-trust for validating events. This gives rise to the acronym KERI for key event receipt infrastructure. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERL) for validating events. The security and accountability guarantees of indirect mode are provided by KA2CE or KERI's Agreement Algorithm for Control Establishment among a set of witnesses.

The KA2CE approach may be much more performant and scalable than more complex approaches that depend on a total ordering distributed consensus ledger. Nevertheless KERI may employ a distributed consensus ledger when other considerations make it the best choice. The KERI approach to DKMI allows more granular composition. Moreover, because KERI is event streamed it enables DKMI that operates in-stride with data events streaming applications such as web 3.0, IoT, and others where performance and scalability are more important. The core KERI engine is identifier independent. This makes KERI a candidate for a universal portable DKMI.

The Story of Open SSI Standards – Drummond Reed/Evernym – Webinar 1
This has some background ^^^
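A worked illustration of the two ideas the excerpts above lean on, added here as example code (it is not from the answer, not KERI's actual event format, and not the DID spec's data model): an identifier that is self-certifying because it is derived from the controller's own inception key, and a key event log in which each event pre-commits to the hash of the next key, so a rotation is only accepted if it reveals the key that was committed in advance. `did:example` is a placeholder method name.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Event is one entry in a simplified key event log (KEL); illustrative, not KERI's wire format.
type Event struct {
	Seq        int
	Current    ed25519.PublicKey // key controlling the identifier at this point in the log
	NextCommit []byte            // sha256 of the next key, committed before that key is ever exposed
	Sig        []byte            // signature by Current over Seq||Current||NextCommit
}
func GenKey() ed25519.PrivateKey                   { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func PubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func commit(pk ed25519.PublicKey) []byte           { h := sha256.Sum256(pk); return h[:] }
func payload(seq int, cur ed25519.PublicKey, next []byte) []byte {
	return append(append([]byte(fmt.Sprintf("%d|", seq)), cur...), next...)
}
// MakeEvent installs cur as the controlling key and pre-commits to next; seq 0 is the
// inception event, later events are rotations signed by the key that was pre-committed.
func MakeEvent(seq int, cur ed25519.PrivateKey, next ed25519.PublicKey) Event {
	nc := commit(next)
	return Event{seq, PubOf(cur), nc, ed25519.Sign(cur, payload(seq, PubOf(cur), nc))}
}
// Identifier is self-certifying (derived from the inception key), so no registry or CA
// vouches for it; "did:example" is a placeholder method name, not a registered DID method.
func Identifier(inception Event) string { return fmt.Sprintf("did:example:%x", commit(inception.Current)[:8]) }
// VerifyKEL checks every signature and that each rotation reveals exactly the key the previous
// event committed to. A holder of only a stolen current key cannot rotate to a key of its own.
func VerifyKEL(kel []Event) (ed25519.PublicKey, error) {
	if len(kel) == 0 {
		return nil, fmt.Errorf("empty key event log")
	}
	for i, ev := range kel {
		if ev.Seq != i || len(ev.Current) != ed25519.PublicKeySize || !ed25519.Verify(ev.Current, payload(ev.Seq, ev.Current, ev.NextCommit), ev.Sig) {
			return nil, fmt.Errorf("event %d: bad sequence number, key length or signature", i)
		}
		if i > 0 && !bytes.Equal(commit(ev.Current), kel[i-1].NextCommit) {
			return nil, fmt.Errorf("event %d: key does not match the prior pre-rotation commitment", i)
		}
	}
	return kel[len(kel)-1].Current, nil
}
```

Build a log with `MakeEvent(0, k0, PubOf(k1))` followed by `MakeEvent(1, k1, PubOf(k2))`; a second event signed by any key other than `k1` fails the commitment check even though its own signature is valid.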


In the DID specs:

Because DIDs reside on a distributed ledger, each entity may serve as its own root authority—an architecture referred to as DPKI (decentralized PKI).

DPKI mandates how the keys are to be stored, read, accessed, and retrieved, specifically in the key management infrastructure layer only.