- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Wed, 15 Jun 2016 11:00:29 +0100
- To: public-credentials@w3.org
On 15/06/2016 02:25, Manu Sporny wrote: > On 06/14/2016 05:14 PM, David Chadwick wrote: >> BTW, losing a key, physical or electronic, is always a hassle, but it >> is not irreparable. > > In some cases it is: > > For example, a student goes to a community college, learns a new skill, > and is issued a verifiable claim asserting that new skill. > > The community college goes out of business a year later. > > The student loses their private key a year after that. > > The student is now in the position of having to re-take the > classes/exams to prove that they have the skill set in question. > > Surely the community college had a data propagation strategy! Not all of > them do, and even if they do, some of them still let students > slip through the cracks. Point taken, but one would hope that in the intervening period between getting a qualification and the college going out of business, the student would have gained some practical skills that would trump the certificate. Here is another example. I get a 10 year guarantee for some building work I have done on my house, and then next year the builder goes out of business. My guarantee is now worthless. This happens all the time in the UK unfortunately. So there are some certificates that are hardly worth the paper they are written on, and converting them to digital format cannot solve that problem. If a receiver has not heard of the community college or thought it was a poor institution and deserved to go bust (ie. does not trust it) then even a paper certificate would not be valued by it. > > Or this scenario: > > Someone builds up 30 years of verifiable claims and then loses their > private key. Can you imagine how hard it would be to get all of those > claims back? How much you'd have to prove? > > The point isn't that something is irreparable - yes, most things can be > fixed. It just takes an enormous amount of time, energy, money, and stress. > > ... and we can avoid all of this by using identifiers that are not > cryptographic in nature (e.g. DIDs). But one still has to prove possession of the DID. Sure, it can be shown that the DID was created at some point in the past, but what proves that it was you who created it, and not some imposter saying that they created it? regards David > > -- manu >
Received on Wednesday, 15 June 2016 10:00:48 UTC