Reference

Glossary

Terms and concepts used across this site.

.well-known #

well-known URI, well-known directory
Reviewed 2026-03-31
A standardized directory on web servers (defined by RFC 8615) where services publish machine-readable metadata. AT Protocol uses /.well-known/atproto-did for DID discovery; Let's Encrypt uses it for certificate validation. The 0xDEAD project proposes /.well-known/mortal-certificate as a future endpoint for publishing mortality status.
Citations
📄 IETF — RFC 8615 🌐 Wikipedia

2FA #

two-factor authentication
Reviewed 2026-03-29
Two-Factor Authentication — a security measure requiring something you know (password) plus something you have (a phone app code, hardware key, or SMS). The second factor usually can't be transferred to someone else.
Citations
📄 NIST SP 800-63B — Authentication Guidelines 🌐 Wikipedia 🎙 Security Now #1008 — HOTP and TOTP 🎙 Security Now #965 — Passkeys vs. 2FA

72-hour recovery window #

72-hour window, 72-hour safety valve
Reviewed 2026-03-31
A policy enforced by the DID PLC directory server: if a lower-authority rotation key signs an operation (like a succession transfer), a higher-authority key has 72 hours to override it and rewrite history. This is the 'I'm not dead yet' mechanism — the final backstop against premature succession. It's server policy, not a cryptographic constraint.
Citations
📄 did:plc Specification v0.1

AT Protocol #

ATProto, atproto
Reviewed 2026-03-30
The protocol behind Bluesky — a decentralized social networking protocol that separates identity (DID), data (PDS repository), and hosting (PDS provider). Account portability is built in: you can move your identity between providers without losing your data.
Citations
📄 AT Protocol Specification 🌐 Wikipedia 📚 AT Protocol Overview

Atmosphere #

the Atmosphere
Reviewed 2026-03-31
The ecosystem of interoperable apps and services built on the AT Protocol. Bluesky is one app in the Atmosphere — others include Tangled (code hosting), Leaflet (publishing), and hundreds more. Your Bluesky login is actually an Atmosphere login, and your identity travels across all of them.
Citations
📚 Paul Frazee — Atmospheric Computing 📚 AT Protocol Spring 2026 Roadmap

CBOR #

Concise Binary Object Representation
Reviewed 2026-03-29
Concise Binary Object Representation — a compact, binary data format similar to JSON but smaller and faster to parse. Used as the encoding layer for COSE signatures.
Citations
📄 RFC 8949 🌐 Wikipedia

Certificate Transparency #

Reviewed 2026-03-29
Google's open framework for monitoring TLS certificates. Every certificate issued by a trusted authority must be logged publicly, so anyone can detect fraudulent or mistaken certificates.
Citations
📄 Certificate Transparency 🌐 Wikipedia 🎙 Security Now #666 — Certificate Transparency 📚 RFC 9162 — CT Version 2.0

COSE #

Reviewed 2026-03-29
CBOR Object Signing and Encryption — an IETF standard (RFC 9052) for compact, binary-format digital signatures. Like JSON Web Tokens but smaller and more efficient.
Citations
📄 RFC 9052 🌐 Wikipedia

CRL #

Certificate Revocation List, CRLite
Reviewed 2026-03-30
Certificate Revocation List — a file published by a certificate authority listing all revoked certificates. CRLite is Mozilla's compressed, efficient replacement that lets browsers check revocation status locally instead of asking a server.
Citations
📄 RFC 5280 — CRL Profile 🌐 Wikipedia 🎙 Security Now #987 — Rethinking Revocation

dead man's switch #

Reviewed 2026-03-29
A mechanism that triggers automatically when you stop responding. You check in periodically to prove you're alive — if you miss enough check-ins, the system assumes something happened and begins the succession process.
Citations
🌐 Wikipedia 📚 Digital Inheritance — Wikipedia

DID #

Decentralized Identifier, Decentralized Identifiers
Reviewed 2026-03-30
Decentralized Identifier — a self-owned identity you control without a central authority. AT Protocol uses did:plc (auditable, rotatable keys) and did:web (domain-based). Your DID is your permanent identity — everything else (handle, PDS, signing key) can change.
Citations
📄 W3C DID Core 1.0 🌐 Wikipedia 📚 W3C DID Primer

did:plc #

DID PLC, PLC
Reviewed 2026-03-30
A DID method built for AT Protocol. Your did:plc is a permanent identifier derived from cryptographic keys. It supports key rotation — changing who controls the identity — which is the primitive that makes cryptographic succession possible.
Citations
📄 did:plc Specification v0.1 📚 PLC Directory

eIDAS #

eIDAS 2.0, EU Digital Identity
Reviewed 2026-03-30
The EU regulation for electronic identification and trust services. eIDAS 2.0 mandates Digital Identity Wallets for all EU citizens by end of 2026 — a potential integration path for succession protocols.
Citations
📄 EUR-Lex — eIDAS Regulation 🌐 Wikipedia

heartbeat #

blinded heartbeat, liveness heartbeat
Reviewed 2026-03-30
A privacy-preserving liveness signal in the 0xDEAD protocol. Instead of the account holder proving they're alive, multiple independent entities — services, professionals, family — passively attest to the holder's liveness. Each heartbeat is recorded as a blinded hash on a public ledger.

lexicon #

lexicons, NSID
Reviewed 2026-03-30
AT Protocol's schema system for defining record types. Lexicons use reverse-DNS naming (like space.0xdead.succession.declaration) and are extensible — anyone can define new ones. Third-party lexicons flow through the relay network without modification.
Citations
📄 AT Protocol — Lexicon 📚 Bluesky — Custom Schemas

Mortality Labeler #

Reviewed 2026-03-30
A proposed AT Protocol labeler service that publishes account-level mortality status labels — liveness-current, liveness-declining, liveness-overdue, succession-pending, deceased, estate-managed. Other services subscribe to learn about an account's mortality status.
Citations
📄 AT Protocol — Labels

namespace recycling attack #

repo jacking, package takeover, namespace squatting
Reviewed 2026-03-29
An attack where an adversary claims an abandoned package name, username, or domain after its original owner dies or goes inactive. Every project that depended on the original namespace now silently pulls from the attacker — turning dead maintainers into supply chain weapons.
Citations
📚 Aqua Security — RepoJacking Research 📚 Checkmarx — npm Supply Chain Attack (ua-parser-js) 📚 Snyk — event-stream Incident 📚 Supply Chain Attack — Wikipedia

OCSP #

Online Certificate Status Protocol
Reviewed 2026-03-29
Online Certificate Status Protocol — a way to check if a TLS certificate has been revoked. The server periodically proves 'I'm still valid' by fetching a signed status from the certificate authority.
Citations
📄 RFC 6960 🌐 Wikipedia 🎙 Security Now #453 — Certificate Revocation, Part 1 🎙 Security Now #454 — Certificate Revocation, Part 2 🎙 Security Now #987 — Rethinking Revocation

OIDC #

OpenID Connect
Reviewed 2026-03-29
OpenID Connect — a standard that lets you prove your identity using an existing account (Google, GitHub, Microsoft, etc.) without sharing your password. 'Sign in with Google' is OIDC.
Citations
📄 OpenID Connect Core 1.0 🌐 Wikipedia 🎙 Security Now #266 — Inside OAuth

PDS #

Personal Data Server
Reviewed 2026-03-30
Personal Data Server — your data host in the AT Protocol. Your PDS stores your signed repository of records (posts, declarations, etc.) in a Merkle Search Tree. You can migrate between PDS providers without losing data or identity.
Citations
📄 AT Protocol — Data Repos 📚 AT Protocol — Account Migration

Rekor #

Reviewed 2026-03-30
Sigstore's transparency log — an append-only, publicly auditable ledger that records signed artifacts. Every entry gets a cryptographic proof that it existed at a specific time and hasn't been tampered with.
Citations
📄 Rekor — Sigstore Docs 📚 Sigstore Overview

RFC 5280 #

X.509 certificate profile, PKIX certificate profile
Reviewed 2026-03-31
The IETF standard that defines the format and validation rules for X.509 v3 digital certificates and Certificate Revocation Lists (CRLs). It specifies how TLS certificates are structured, issued, and revoked — the foundation of trust on the web that 0xDEAD maps to human mortality.
Citations
📄 IETF — RFC 5280 🌐 Wikipedia

rotation key #

rotation keys
Reviewed 2026-03-30
A cryptographic key in DID PLC that controls the identity itself — who can update the DID document, change signing keys, or migrate to a new PDS. Rotation keys are ordered by priority: a higher-priority key can override a lower one within 72 hours.
Citations
📄 did:plc Specification — Key Rotation

RUFADAA #

Revised Uniform Fiduciary Access to Digital Assets Act
Reviewed 2026-03-29
Revised Uniform Fiduciary Access to Digital Assets Act — a law adopted by 48 US states and the District of Columbia governing who can access your digital accounts after you die.
Citations
📄 Uniform Law Commission 🌐 Wikipedia 📚 Uniform Law Commission — Wikipedia

SCITT #

Reviewed 2026-03-29
Supply Chain Integrity, Transparency, and Trust — an IETF working group building standards for tamper-proof, append-only transparency logs. Think of it as a public receipt book that can't be edited.
Citations
📄 IETF Working Group 📚 Software Supply Chain — Wikipedia

Sigstore #

Reviewed 2026-03-29
An open-source project for keyless code signing. Instead of managing long-lived cryptographic keys, you prove your identity via your existing login (Google, GitHub, etc.) and get a short-lived signing certificate.
Citations
📄 Sigstore Security Model 📚 Sigstore Overview 📚 Open Source Security Foundation — Wikipedia

threshold cryptography #

Reviewed 2026-03-29
A cryptographic scheme where no single party holds enough information to act alone. Actions require cooperation from a minimum number of participants — like a safe deposit box that needs two keys held by different people.
Citations
📄 NIST Multi-Party Threshold Cryptography 🌐 Wikipedia 📚 Shamir's Secret Sharing — Wikipedia

TLS #

Transport Layer Security
Reviewed 2026-03-29
Transport Layer Security — the encryption protocol that secures HTTPS connections. When you see the lock icon in your browser, that's TLS.
Citations
📄 RFC 8446 — TLS 1.3 🌐 Wikipedia 🎙 Security Now #195 — SSL/TLS 🎙 Security Now #656 — TLS v1.3 📚 MDN Web Docs — TLS

ToS #

Terms of Service
Reviewed 2026-03-29
Terms of Service — the legal agreement between you and a platform that governs what you can and can't do with your account, including what happens when you die.
Citations
📄 ToS;DR — Terms of Service; Didn't Read 🌐 Wikipedia

transparency log #

transparency logs, transparency logging
Reviewed 2026-03-29
A public, append-only ledger where every action is permanently recorded and visible to anyone. Once something is written, it cannot be edited or deleted — like a public notary book that the whole internet can audit.
Citations
📄 RFC 9162 — Certificate Transparency Version 2.0 🌐 Wikipedia 📚 IETF SCITT Working Group 📚 Sigstore — Transparency Log

Verifiable Credentials #

VCs, W3C Verifiable Credentials
Reviewed 2026-03-30
A W3C standard for tamper-proof digital credentials that can be cryptographically verified without contacting the issuer. Like a digital notarized document — the recipient can prove it's real without calling the notary.
Citations
📄 W3C Verifiable Credentials Data Model 2.0 🌐 Wikipedia

WebAuthn #

Passkeys, FIDO2
Reviewed 2026-03-30
A browser standard for passwordless authentication using public-key cryptography. Passkeys are the consumer-facing name — your phone or security key proves your identity without transmitting a password.
Citations
📄 W3C Web Authentication 🌐 Wikipedia 🎙 Security Now #965 — Passkeys vs. 2FA
See something wrong? Suggest an edit
@0xdead.space
Talk to us about death on Bluesky.
Vibe-coded a masterpiece · Died · Plan accordingly
"I am going now, but I do not know where."