W3C home > Mailing lists > Public > public-credentials@w3.org > August 2021

Re: WoN Re: Public consultation on EU digital principles

From: Bob Wyman <bob@wyman.us>
Date: Wed, 11 Aug 2021 12:03:24 -0400
Message-ID: <CAA1s49V2UJ-0mFdAhX2McyT1DZO8OF6x92UV17fb41h1W+6+JA@mail.gmail.com>
To: daniel.hardman@gmail.com
Cc: David Chadwick <d.w.chadwick@verifiablecredentials.info>, Henry Story <henry.story@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Daniel Hardman wrote:

> A chain has to be followed. That means each credential must be verified.
> And if an intermediate credential in the chain is revoked, the chain gets
> broken and thus will not validate. So: revoke

Revocation works if the issuer of the VC is the one who comes to believe
that the VC to be no longer valid. But, imagine an issuer who has a policy
of reviewing the validity of VCs on an annual basis. Given such a policy,
it is likely that at least some VCs will be "incorrect" for up to one year.
During that period of incorrectness, what ability does an observer of VCs
have to challenge the correctness of a VC or to otherwise make statements
about it?

bob wyman


On Wed, Aug 11, 2021 at 3:14 AM Daniel Hardman <daniel.hardman@gmail.com>
wrote:

> Another solution is chaining: have an accreditation authority issue a VC
>>> to issuers, attesting to the issuer's bona fides; verification = verify
>>> proximate VC + VC that makes proximate issuer trustworthy. Possibly repeat
>>> through several levels of indirection.
>>
>> If it is discovered, through some arbitrary means, that some intermediary
>> in a chain should not be considered trustworthy, even though that
>> intermediary produces credentials that satisfy the specification's
>> requirements, how can a lack of trust be expressed, communicated, etc?
>>
>
> A chain has to be followed. That means each credential must be verified.
> And if an intermediate credential in the chain is revoked, the chain gets
> broken and thus will not validate. So: revoke.
>
Received on Wednesday, 11 August 2021 16:03:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:21 UTC