Long lived signatures and being able to find out a DIDs key at a given point in time makes sense to me... What I'm stuck on right now is keys that have been breached vs. keys that were rotated for some other reason? If a key was breached then presumably any and all credentials that were signed with it should be revoked. Thoughts?
Lucas Tétreault
300A - 2221 Cornwall Street
Regina, SK. S4P 2L1
(306) 541-311<tel:(306)%20541-3116>5 ・ [vivvo] <http://www.vivvo.com/> ・ [github] <https://github.com/lucastetreault> [linkedIn] <https://www.linkedin.com/in/lucas-t%C3%A9treault> [twitter] <https://twitter.com/ltetreault>
From: Manu Sporny <msporny@digitalbazaar.com>
Sent: December 10, 2018 3:48:02 PM
To: Tom Jones; daniel.hardman@evernym.com; kim@learningmachine.com
Cc: Credentials Community Group
Subject: Re: Ideas about DID explanation
On 12/10/18 2:54 PM, Tom Jones wrote:
> On Sat, Dec 8, 2018 at 1:18 PM Kim Hamilton Duffy wrote:
> I’m not sure if I understand the question, but for some longer-lived
> claims it’s useful to be able to determine the keys associated with a
> DID at a given point in time. I think I’m the only one that keeps
> harping on this, so the need for this capability may be quite rare.
No not rare, I expect the opposite is true. :)
We might not be talking about it because many of us believe it's a
fundamental requirement for all of the reasons that you, Daniel, and
others have pointed out. We may have failed to record that tribal knowledge.
It's certainly a design requirement for the Veres One ledger... being
able to do the following query is vital "What were the keys associated
with DID X on date Y?"
-- manu
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches