- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 1 May 2020 22:03:48 -0400
- To: public-credentials@w3.org
On 5/1/20 6:18 PM, Daniel Hardman wrote:
> How is this privacy-preserving? Can you say some more about that?

Mike Lodder wrote:
> I’m failing to see how this is privacy preserving? The verifier would
> need to know the index from the credential into the revocation list.
> The point of preserving privacy is that the verifier doesn’t know the
> index. This sounds just like checking an RCL in another form. There’s
> no herd privacy here at all. If I had a list of 10k or 100k doesn’t
> matter. If the relying party knows my index, there’s no privacy

Sounds like we're getting ready to enter a debate on the definition of "privacy" and "privacy preserving", and I doubt that we'll come out on the other side having agreed to a single definition. :)

So let me start by asserting that there are degrees of privacy and degrees of privacy preserving. I expect this method is further away from where both of you might want to be on those scales.

There is also a fundamental assumption that this revocation mechanism assumes: There will be at least one identifier on the VC, like a driver's license number, or a corporate tax ID number, or a postal address, or payment details.

If your goal is almost complete anonymity -- do not use this revocation method. :)

If your goal is achieving varying levels of privacy that one might expect when handing over a driver's license, corporate paperwork, shipping instructions, or making a payment, then this revocation method may be useful to you.

Here are the design goals for Revocation List 2020:

* Enable an issuer to publish revocation lists on their existing infrastructure without knowing which holder's revocation status is being checked.
* Enable a holder to have some assurance of herd privacy.
* Enable a verifier to cache large populations of revocation data without having to phone home constantly.
* Enable a verifier to cloak their requests for revocation information by using Content Distribution Networks or network proxies to hide their requests.
* Enable a holder to deliver a fresh revocation list, avoiding a verifier's need to go out to the network and pull the revocation list from the issuer (revocation lists are just VCs after all).

All of these things work to preserve privacy. Are they as privacy preserving as Sovrin and Evernym's solutions? Given that the VC contains an identifier of some sort anyway, I'd argue that it's just as privacy preserving.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Saturday, 2 May 2020 02:04:42 UTC
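
Added example, not part of the original message or of the Revocation List 2020 specification text: a verifier that caches one published list and checks many credential indexes locally, so the issuer or CDN observes only a request for the whole list and never an index. The zlib plus base64 bitstring encoding, the bit order, the list size, the URL and every name below are assumptions made for illustration.

```python
import base64
import zlib

LIST_BITS = 131072            # constructed size: one bit per issued credential
MAX_BYTES = LIST_BITS // 8    # refuse lists that decompress beyond this

def encode_list(revoked):
    """Issuer: publish every credential's status as one static blob."""
    bits = bytearray(MAX_BYTES)
    for i in revoked:
        bits[i // 8] |= 0x80 >> (i % 8)   # assumption: index 0 = leftmost bit
    return base64.b64encode(zlib.compress(bytes(bits))).decode("ascii")

class CachingVerifier:
    """Verifier: fetch a list once, then answer status checks offline."""
    def __init__(self, fetch):
        self._fetch = fetch               # callable(url) -> encoded list
        self._cache = {}                  # url -> decoded bitstring
        self.fetch_count = 0

    def _bits(self, url):
        if url not in self._cache:
            self.fetch_count += 1
            blob = base64.b64decode(self._fetch(url))
            raw = zlib.decompressobj().decompress(blob, MAX_BYTES + 1)
            if len(raw) != MAX_BYTES:     # truncated list or decompression bomb
                raise ValueError("unexpected revocation list size")
            self._cache[url] = raw
        return self._cache[url]

    def is_revoked(self, url, index):
        bits = self._bits(url)
        if not 0 <= index < len(bits) * 8:
            raise ValueError("index outside the published list")
        return bool(bits[index // 8] & (0x80 >> (index % 8)))

# Constructed sample data: hypothetical list URL, three revoked credentials.
LIST_URL = "https://issuer.example/revocation/1"
PUBLISHED = {LIST_URL: encode_list({7, 4096, 131071})}
issuer_log = []                           # everything the issuer/CDN observes
def fetch(url):
    issuer_log.append(url)                # no credential index is ever sent
    return PUBLISHED[url]

def demo():
    issuer_log.clear()
    v = CachingVerifier(fetch)
    checked = [v.is_revoked(LIST_URL, i) for i in (7, 8, 4096, 90000, 131071)]
    return checked, v.fetch_count, list(issuer_log)
```

Calling `demo()` checks five indexes against a single fetch; the verifier itself still learns the index from the credential, which is the point raised in the quoted objection.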