W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Wed, 15 Jun 2016 11:00:29 +0100
To: public-credentials@w3.org
Message-ID: <87dee081-a910-41c1-4c7a-a4c841f06a5a@kent.ac.uk>

On 15/06/2016 02:25, Manu Sporny wrote:
> On 06/14/2016 05:14 PM, David Chadwick wrote:
>> BTW, losing a key, physical or electronic, is always a hassle, but it
>> is not irreparable.
> In some cases it is:
> For example, a student goes to a community college, learns a new skill,
> and is issued a verifiable claim asserting that new skill.
> The community college goes out of business a year later.
> The student loses their private key a year after that.
> The student is now in the position of having to re-take the
> classes/exams to prove that they have the skill set in question.
> Surely the community college had a data propagation strategy! Not all of
> them do, and even if they do, some of them still let students
> slip through the cracks.

Point taken, but one would hope that in the intervening period between
getting a qualification and the college going out of business, the
student would have gained some practical skills that would trump the
certificate. Here is another example. I get a 10 year guarantee for some
building work I have done on my house, and then next year the builder
goes out of business. My guarantee is now worthless. This happens all
the time in the UK unfortunately.

So there are some certificates that are hardly worth the paper they are
written on, and converting them to digital format cannot solve that problem.

If a receiver has not heard of the community college or thought it was a
poor institution and deserved to go bust (ie. does not trust it) then
even a paper certificate would not be valued by it.

> Or this scenario:
> Someone builds up 30 years of verifiable claims and then loses their
> private key. Can you imagine how hard it would be to get all of those
> claims back? How much you'd have to prove?
> The point isn't that something is irreparable - yes, most things can be
> fixed. It just takes an enormous amount of time, energy, money, and stress.
> ... and we can avoid all of this by using identifiers that are not
> cryptographic in nature (e.g. DIDs).

But one still has to prove possession of the DID. Sure, it can be shown
that the DID was created at some point in the past, but what proves that
it was you who created it, and not some imposter saying that they
created it?



> -- manu
Received on Wednesday, 15 June 2016 10:00:48 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC