- From: Daniel Hardman <daniel.hardman@evernym.com>
- Date: Mon, 9 Sep 2019 11:04:16 -0600
- To: "John, Anil" <anil.john@hq.dhs.gov>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAFBYrUqJsqjsBXMU_pii1RZUat0yL1W_Dyftg3cosFOtm=RkTA@mail.gmail.com>
> > How does knowing the identity of the issuer help the relying party / > validator / verifier ensure in a ZKP environment that Alice is indeed the > carbon based lifeform making that attestation about herself? > Binding a credential to a holder is a vital question. Many use cases demand it. We just wrote about it at length at the latest Rebooting Web of Trust conference, where people from Microsoft, Blockcerts, ETH Zurich, and Mitre joined me to explore the threat model. The short answer is that neither ZKP-based nor non-ZKP-based credentials automatically address all of Anil's question. In both cases, we sometimes have to bind the holder to the presenter-of-proof more strongly, using techniques such as FIDO2, biometrics, link secret bonds, and so forth. However, the good news is that answers do exist and they are not rocket science. Two sources of additional reading: The RWOT paper on malicious holders <https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/draft-documents/alice-attempts-abuse-verifiable-credential.md> (currently in draft form, but likely to be transferred to the final-documents folder soon) Another RWOT topic paper on transferrability of ZKP credentials <https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/zkp-safety.md> A paper on the topic of how biometrics can be combined with VCs safely and robustly has been accepted for publication in the Dec special issue of IEEE Spectrum, so look for more on the biometric subtopic there. > > > Where does the liability and accountability reside in a ZKP ecosystem? > With the issuer? With Alice? With the infrastructure provider that touches > the issuer, Alice and the verifier? > Issuers are equally liable for what they've asserted in both ZKP-based and non-ZKP-based ecosystems. Alice (Holder) can be held accountable for what she proves in several different ways, including: A) requiring her to generate a proof that is non-repudiable; B) requiring her to use a technique called "provisional anonymity", whereby her strong identifiers are held in escrow but able to be disclosed unilaterally by an arbitrator if she misbehaves; C) detecting link secret reuse; D) requiring Alice to post a bond against her good behavior, etc. This is not an exhaustive list, just a flavor of what's possible. I'll channel my inner Drummond Reed to note that the particular techniques that get used would be determined by a trust framework. :-)
Attachments
- image/png attachment: image002.png
Received on Monday, 9 September 2019 17:04:53 UTC