W3C home > Mailing lists > Public > public-credentials@w3.org > September 2017

Re: Verifiable Claims expiration

From: Joe Andrieu <joe@joeandrieu.com>
Date: Sun, 17 Sep 2017 12:02:43 -0700
Message-Id: <1505674963.2369398.1109006432.6CEF9A60@webmail.messagingengine.com>
To: public-credentials@w3.org
If you force an expiry date, issuers who don't want one will use an
arbitrary future date, e.g., 9999/12/31. The largest such number that
fits the typical inspector-verify test suite will rapidly become the de
facto setting for "no expiration".
Trying to force policy into the data model just wastes bytes.

-j


On Sat, Sep 16, 2017, at 11:55 PM, David Chadwick wrote:
> And from a security perspective this is flawed, since no cryptography> will last for ever
> 
> On 17/09/2017 01:07, Manu Sporny wrote:
>> On 09/16/2017 03:34 PM, Adam Sobieski wrote:
>>> I thought that omission of the expires property
>>> (https://w3c.github.io/vc-data-model/#expiration) results in an
>>> open-ended or non-expiring claim or statement.
>> 
>> This is correct.
>> 
>> We'll want to correct the spec text if it doesn't already say this.
>> 
>> -- manu
>> 
> 

--
Joe Andrieu, PMP
joe@joeandrieu.com
+1(805)705-8651
http://blog.joeandrieu.com
Received on Sunday, 17 September 2017 19:03:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:13 UTC