Daniel Hardman wrote: > A chain has to be followed. That means each credential must be verified. > And if an intermediate credential in the chain is revoked, the chain gets > broken and thus will not validate. So: revoke Revocation works if the issuer of the VC is the one who comes to believe that the VC to be no longer valid. But, imagine an issuer who has a policy of reviewing the validity of VCs on an annual basis. Given such a policy, it is likely that at least some VCs will be "incorrect" for up to one year. During that period of incorrectness, what ability does an observer of VCs have to challenge the correctness of a VC or to otherwise make statements about it? bob wyman On Wed, Aug 11, 2021 at 3:14 AM Daniel Hardman <daniel.hardman@gmail.com> wrote: > Another solution is chaining: have an accreditation authority issue a VC >>> to issuers, attesting to the issuer's bona fides; verification = verify >>> proximate VC + VC that makes proximate issuer trustworthy. Possibly repeat >>> through several levels of indirection. >> >> If it is discovered, through some arbitrary means, that some intermediary >> in a chain should not be considered trustworthy, even though that >> intermediary produces credentials that satisfy the specification's >> requirements, how can a lack of trust be expressed, communicated, etc? >> > > A chain has to be followed. That means each credential must be verified. > And if an intermediate credential in the chain is revoked, the chain gets > broken and thus will not validate. So: revoke. >
Received on Wednesday, 11 August 2021 16:03:49 UTC