W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 14 Jun 2016 12:13:59 -0400
Message-ID: <57602D47.9000202@digitalbazaar.com>
To: public-credentials@w3.org
On 06/14/2016 11:10 AM, David Chadwick wrote:
> But if I had a public key specifically minted for one
> requester/relying party, and all my issuers would bind my claims to
> this, then I could prove possession of all credentials to this
> requester/relying party. And I would not actually need to register
> this public key anywhere as I can always prove possession.

Except for when you lose the key.

Or when the key size is no longer large enough.

Anything tied to the key becomes invalid if the key goes away.

Lose your key, lose your "identity".

HD Keys provide some protection against this, unless you lose your
master key.

This is why WebDHT enables you to do M-of-N signatures to recover access
to your decentralized identifier (Subject Identifier) by having your
friends/family assign a new key for you.

Hope that helps explain why we abandoned public keys as long-lived
identifiers a while ago.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Web Browser API Incubation Anti-Pattern
http://manu.sporny.org/2016/browser-api-incubation-antipattern/
Received on Tuesday, 14 June 2016 16:14:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC