Re: Ideas about DID explanation

Long lived signatures and being able to find out a DIDs key at a given point in time makes sense to me... What I'm stuck on right now is keys that have been breached vs. keys that were rotated for some other reason? If a key was breached then presumably any and all credentials that were signed with it should be revoked. Thoughts?



[photo]
Lucas Tétreault
Developer
300A - 2221 Cornwall Street
Regina, SK. S4P 2L1
(306) 541-311<tel:(306)%20541-3116>5    ・       [vivvo] <http://www.vivvo.com/>         ・       [github] <https://github.com/lucastetreault>    [linkedIn] <https://www.linkedin.com/in/lucas-t%C3%A9treault>   [twitter] <https://twitter.com/ltetreault>



________________________________
From: Manu Sporny <msporny@digitalbazaar.com>
Sent: December 10, 2018 3:48:02 PM
To: Tom Jones; daniel.hardman@evernym.com; kim@learningmachine.com
Cc: Credentials Community Group
Subject: Re: Ideas about DID explanation

On 12/10/18 2:54 PM, Tom Jones wrote:
> On Sat, Dec 8, 2018 at 1:18 PM Kim Hamilton Duffy wrote:
>
> I’m not sure if I understand the question, but for some longer-lived
> claims it’s useful to be able to determine the keys associated with a
> DID at a given point in time. I think I’m the only one that keeps
> harping on this, so the need for this capability may be quite rare.

No not rare, I expect the opposite is true. :)

We might not be talking about it because many of us believe it's a
fundamental requirement for all of the reasons that you, Daniel, and
others have pointed out. We may have failed to record that tribal knowledge.

It's certainly a design requirement for the Veres One ledger... being
able to do the following query is vital "What were the keys associated
with DID X on date Y?"

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Tuesday, 11 December 2018 14:05:06 UTC