Re: Ideas about DID explanation from Daniel Hardman on 2018-12-10 (public-credentials@w3.org from December 2018)

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Mon, 10 Dec 2018 12:47:50 -0700
To: kim@learningmachine.com
Cc: thomasclinganjones@gmail.com, Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAFBYrUr+mS7k5ADeDVVW8uQjYDV6JdbmGMCb7P6-87ABKW_LYg@mail.gmail.com>

On Sat, Dec 8, 2018 at 1:18 PM Kim Hamilton Duffy <kim@learningmachine.com>
wrote:

> I’m not sure if I understand the question, but for some longer-lived
> claims it’s useful to be able to determine the keys associated with a DID
> at a given point in time. I think I’m the only one that keeps harping on
> this, so the need for this capability may be quite rare.

I don't think it will be rare at all.If I sign a legal contract in June and
then someone is trying to verify it in December, surely it's the state of
my key in June, NOT December, that matters? By that same reasoning, if I
get a message signed by a DID's key, I should test whether the key was
valid at the time the signature occurred--not the time of verification. *In
fact, if the key on the message is valid today, but it was NOT valid at the
time of signing, I should reject the message, because that key only becomes
valid when the public record says so.* No?

The common operation of testing for the current keys associated with a DID
is only useful to the extent that the act of using the keys to sign/encrypt
and the act of decrypting/verifying are nearly simultaneous. If any of us
are building systems where that is a strong assumption, I think we're
creating fragility.

--Daniel

Received on Monday, 10 December 2018 19:48:23 UTC