| Resumen |
In recent years, the rise of Instant Messaging (IM) platforms has underscored the need for secure authentication and encryption mechanisms. While encryption challenges have been addressed by protocols like Signal, public key authentication re-mains problematic due to centralized infrastructure, trust issues, and user misunderstanding of End-to-End Encryption (E2EE). This paper introduces a decentralized framework for public key authentication in IM services, based on the Trust over IP (ToIP) model. Our framework utilizes Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to manage public keys outside the control of IM providers, eliminating their role as artificial identification and authentication authorities. By shifting control to decentralized, transparent systems, the proposed framework enhances user privacy, security, and autonomy. It also aligns with regulatory standards like the Digital Markets Act (DMA) and the Electronic Identification, Authentication, and Trust Services (eIDAS), fostering compliance and interoperability. © 2024 IEEE. |
