W3C home > Mailing lists > Public > public-credentials@w3.org > May 2019

committing fraud with credentials

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Wed, 8 May 2019 13:39:07 -0600
Message-ID: <CAFBYrUqyR4Nv37qxfiS_LGaSaUGiuKoPKvquDH=ynip=yAx1ow@mail.gmail.com>
To: Credentials Community Group <public-credentials@w3.org>
At IIW last week, Rouven Heck called a session to explore the topic of
committing fraud with link secrets. This was a very interesting session,
and I think it generated some new knowledge and a set of follow-on topics.
I then called a follow up session on the broader topic of committing fraud
with credentials in general--both ZKP- and non-ZKP-based. We had a number
of smart minds in the room, including good representation from the CCG's
own Daniel Burnett.

I intend to pursue this topic in greater detail. In the second IIW session,
we began to create a matrix that lists particular attack scenarios as rows,
and that shows remediations for particular credential types as columns. It
is still quite sparse, but already has important info in it. Anybody can
comment on the spreadsheet
<https://docs.google.com/spreadsheets/d/1HALoNgZ7GTogw324squ7LRL4unfLSmPH_8B1ibxCQgE/edit#gid=0>;
if you want edit access, ping me.

I intend to pursue this topic more carefully, and hope to produce some kind
of a whitepaper about it. If people would like to collaborate, let me know.
We could do this under the auspices of the CCG, as an official work item,
but I am not specifically proposing that here. I will probably publish
something under my own name regardless.

--Daniel
Received on Wednesday, 8 May 2019 19:39:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:49 UTC