- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 17 Sep 2017 09:33:41 -0400
- To: public-credentials@w3.org

On 09/17/2017 02:55 AM, David Chadwick wrote:
> And from a security perspective this is flawed, since no
> cryptography will last for ever

Jumping to the conclusion that this is flawed is premature. It all depends on how the verifier handles issuer key management.

Remember, part of the verification process is retrieving the public key and checking for a revocation or expiration on the key. If the credential was issued /after/ the key expired, it's clearly invalid. If there is a known exploit for the sort of digital signature used, then the verifier can flag the credential as untrustworthy.

There are many other things that go into whether or not to trust a credential. The expiration time that an issuer places on a credential is just ONE signal... and if they don't include that signal, we shouldn't flag it as an error.

To put it another way, if we make "expiration" mandatory, it still won't solve the problem of "broken crypto". What happens when a flaw is found well before the expiration of the credential? It still puts us in the same place we are right now of the verifier having to check other signals.

I suggest that we treat all of these fields as signals for the verifier, not absolute truths.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
http://manu.sporny.org/2016/rebalancing/

Received on Sunday, 17 September 2017 13:34:04 UTC
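
The verifier-side checks described in the message above, sketched as an added example that is not part of the original message or of any Verifiable Credentials implementation. The class names, the suite names, and the policy of marking a revoked key or a passed expiration as "untrustworthy" are assumptions; the signature bytes are taken as already verified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Assumption: this verifier's own list of suites with a known exploit (constructed name).
BROKEN_SUITES = {"ExampleWeakSignature2010"}
SEVERITY = ["ok", "untrustworthy", "invalid"]  # verdict is the worst signal seen

def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass
class IssuerKey:  # what the verifier learns when it retrieves the public key
    suite: str
    expires: Optional[datetime] = None
    revoked: bool = False

@dataclass
class Credential:
    issued: datetime
    expires: Optional[datetime] = None  # optional: absence is not an error

def evaluate(cred, key, now):
    """Combine signals into (verdict, reasons); signature bytes are assumed already checked."""
    signals = []
    if key.expires is not None and cred.issued > key.expires:
        signals.append(("invalid", "issued after issuer key expired"))
    if key.revoked:  # assumption: policy treats a revoked key as untrustworthy
        signals.append(("untrustworthy", "issuer key revoked"))
    if key.suite in BROKEN_SUITES:
        signals.append(("untrustworthy", "known exploit for signature suite"))
    if cred.expires is not None and now > cred.expires:  # assumption: policy choice
        signals.append(("untrustworthy", "past issuer-stated expiration"))
    verdict = max((s for s, _ in signals), key=SEVERITY.index, default="ok")
    return verdict, [reason for _, reason in signals]

if __name__ == "__main__":
    now = utc(2017, 9, 17)  # constructed sample data below
    good_key = IssuerKey("ExampleSignature2017", expires=utc(2020))
    weak_key = IssuerKey("ExampleWeakSignature2010", expires=utc(2020))
    # No expiration on the credential: accepted, not flagged.
    print(evaluate(Credential(utc(2017)), good_key, now))
    # Unexpired credential, but the suite is broken: expiration did not help.
    print(evaluate(Credential(utc(2017), expires=utc(2030)), weak_key, now))
    # Issued after the issuer key expired: invalid.
    print(evaluate(Credential(utc(2021)), good_key, utc(2021, 6, 1)))
```
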