Re: How to verify the did:key document is authorized by the private key holder ... JWS? from Manu Sporny on 2021-03-19 (public-credentials@w3.org from March 2021)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 18 Mar 2021 20:56:12 -0400
To: public-credentials@w3.org
Message-ID: <597f350f-6a10-b7f5-4bb9-4923c8976feb@digitalbazaar.com>

On 3/18/21 8:24 PM, Stefan More wrote:
> Thus, there is no need to sign the DID doc by design. Or am I missing
> something?

Correct. did:key DID Documents are purely generative things... if you know the
did:key value, you have everything you need to:

1) Generate the DID Document, and
2) Verify that any signature created by that did:key was
   generated by the controller of that key.

In other words, this is a cryptographic public key:

did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH

and that's all you need to verify a signature. It's the simplest and easiest
to use type a DID.

As a related aside... all off-ledger Veres One DIDs share this same property
(and are effectively did:keys).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Friday, 19 March 2021 00:56:27 UTC