- From: Christoph Dorn <christoph@christophdorn.com>
- Date: Tue, 12 Jun 2018 21:57:49 +0000
- To: david@dbooth.org
- Cc: public-credentials@w3.org
This points to my problem with "self sovereign identity" as a user term. I am putting together my thoughts and will post soon. When I speak of "self sovereignty" I am referring to "controls to keep data private while using it". If data privacy is violated beyond the desired controls, sovereignty is compromised. DIDs *can be* self sovereign in concept and that is a necessary starting point. The extent to which this self sovereignty may be claimed over time is unknown. I see Time as being the adversary of self sovereign DIDs with the potential to render sensitive information public. My goal is to raise awareness about the potential pitfalls before users start trusting "self sovereign identities" as being all that they claim to be which users will come to expect. Christoph On June 12, 2018 02:29:43 pm PDT, "David Booth" <david@dbooth.org> wrote: > On 06/12/2018 04:44 PM, Jordan, John CITZ:EX wrote:> . . . > > it is a lot easier to forge a document than it is to forge > > a verifiable credential that makes use of the kinds of > > cryptographic technique enabled by DIDs and the fancy math! > > SIDE NOTE: I think it would be wise to maintain a healthy skepticism > about this claim. > > Although the fancy math and crypto may be very good indeed, a huge > weakness that digital mechanisms always have is that, once any tiny > vulnerability is found, that vulnerability can be silently and > relentlessly attacked with massive automated computing power . . . > rendering that tiny vulnerability not so tiny after all. > > David Booth > >
Received on Tuesday, 12 June 2018 21:58:13 UTC