Re: "anybody can ledgerize" vulnerability from Lucas Tétreault on 2019-09-18 (public-credentials@w3.org from September 2019)

From: Lucas Tétreault <lucas@vivvo.com>
Date: Wed, 18 Sep 2019 16:48:08 +0000
To: ProSapien Sam Smith <sam@prosapien.com>, Dave Longley <dlongley@digitalbazaar.com>
CC: Daniel Hardman <daniel.hardman@evernym.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <QB1PR01MB25166CC183A74C05C6C018CCAD8E0@QB1PR01MB2516.CANPRD01.PROD.OUTLOOK.COM>

I don't really understand what the vulnerability is to be honest... If it's a DID document that should be on a ledger, then it will have been published to the ledger before being shared. If it's a pairwise DID / DID document then presumably the DID indicates as much e.g.: did:peer:... vs. did:v1:... Or is that not something people are doing in practice?

I think that the DID being derived from key material is an interesting property for DIDs that are not rooted in a blockchain but I don't really see that as necessary for all DID methods.


[photo]
Lucas Tétreault
VP Research & Development
300A - 2221 Cornwall Street
Regina, SK. S4P 2L1
(306) 541-311<tel:(306)%20541-3116>5    ・       [vivvo] <http://www.vivvo.com/>         ・       [github] <https://github.com/lucastetreault>    [linkedIn] <https://www.linkedin.com/in/lucas-t%C3%A9treault>   [twitter] <https://twitter.com/ltetreault>


________________________________
From: ProSapien Sam Smith <sam@prosapien.com>
Sent: September 18, 2019 10:13 AM
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: Daniel Hardman <daniel.hardman@evernym.com>; W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Re: "anybody can ledgerize" vulnerability

A self-certifying identifier implies that the identifier is self-authenticating in that it includes the key material needed to authenticate itself (by virtue of the key material in the identifier) and then  the creator of the identifier may authorize via a signature with the associated private key  some action on that identifier such as creating a did doc.

It appears that Veres One is self-certifying by including unique key material in the identifier and then requiring verification using that same key material before accepting the DID Doc. The is essentially the correct behavior.

The act of not including the key material in the identifier itself removes the self-authentication feature. This lack is the source of the problem and exposes the vulnerability.  Eliminating self-authentication means that some other authority must authenticate the origination or inception event on the identifier. This can be a ledger but that means that the origination event or registration event on the ledger can be performed by anyone because the identifier is not uniquely bound to the key material used to register it. This creates a race condition (first to register) and allows someone to register or ledgerize the identifier unauthorized.  This is problem for private identifiers where the originator does not want the identifier ledgerized and therefore never registers it thereby opening the opportunity for someone else to ledgerize it.

Requiring an external authority to authenticate identifiers in order to authorize actions of the identifier is inherently more centralized and opens a can of worms.  It matters not that the external authority is a permission-less ledger the identifier is still not self-authenticating.




Veres One (v1) protects against this by requiring the DID itself to be
derived from key material. A Veres One "nym" (short for cryptonym) DID
must be derived from one of the `capabilityInvocation` keys expressed in
its associated DID Document. The act of registering the DID requires
that the DID Document itself be invoked as a capability
("self-registration"). This invocation can only be performed by whomever
controls the private key material associated with a
`capabilityInvocation` key, and specifically, the DID itself must have a
fingerprint (or full public key material) that matches that key.


--
Dave Longley
CTO
Digital Bazaar, Inc.


Samuel M. Smith Ph.D.   Founder
smith.sam@prosapien.com<mailto:smith.sam@prosapien.com>
ProSapien LLC
242 East 600 North, Lindon Utah 84042-1662 USA
Office 1.801.768-2769
Mobile 1.801.592.8230
Skype: samuelmsmith
http://www.prosapien.com/


NOTICE: This electronic mail message, together with any attachments contains information
that may be copyrighted, confidential, proprietary, and/or legally privileged of and/or by
ProSapien LLC. This  electronic mail message is intended solely for the use of
the individual or entity originally named as the intended recipient. If you are not the intended
recipient, and have received this message in error, please return immediately this message

Received on Wednesday, 18 September 2019 17:03:22 UTC