Mitigating accidental mis-entered DAPs

[aparkersquare]

When paying someone via a DAP, a significant concern is knowing if the DAP resolves to the person you expect. The DAP specification addresses various security concerns, and #42 is related to mitigating malicious impersonation of a DAP (someone posts something that looks like the DAP you expect).

I think it would be useful to have some way to address accidental mistakes by the sender.

For instance, say I intend to pay @jack/didpay.me, but accidentally type @jakc/didpay.me and someone else has registered this handle at the registry (DAP squatting!) so it resolves to a list of money addresses. I am very unlikely to notice, and I will proceed to pay to one of them. This is bad.

Verifying the DAP resolved to the person you intended would require some out-of-band knowledge, but assuming that was possible how could it be incorporated into the DAP specification?

[aparkersquare]

An identicon is a visual representation of the hash of some information. The relevance here being that any change in either the DAP or the information resolved from the DAP would result in a completely different looking identicon, hopefully triggering the user to notice that they have mis-entered the DAP.

The DAP itself could be hashed and shown as an identicon. This could be done independently of the DAP specification.

Is there a stable part of DAP resolution process that could be used to generate an identicon? I believe the DID would be a good candidate.

For this to be part of the DAP specification, the exact form of the identicon might need to be specified. I don't believe there is any open standard for identicon display.

[aparkersquare]

As noted in this comment in #42, currently the specification does not restrict the case (upper/lower) for a DAP, thus @jack/didpay.me and @Jack/didpay.me could resolve differently, which could result in sending funds to the wrong person.