- From: Christopher Allen <ChristopherA@lifewithalacrity.com>
- Date: Fri, 16 Dec 2022 16:47:34 -0800
- To: Steve Capell <steve.capell@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CACrqygA95BJSGk0M2sq7cvSkWtBphu_LiYAeZSUP9hTPoXnVMQ@mail.gmail.com>
On Fri, Dec 16, 2022 at 2:54 PM Steve Capell <steve.capell@gmail.com> wrote:

> The thing that worries me in reading your proposal is the use of words
> like “list of trusted issuers”. We will be addressing this problem not
> with lists but with chained credentials where the verifier follows the
> chain until it reaches a trust anchor that they can trust. That’s because
> the lists are too big and fast changing and are themselves sensitive.

My concerns about trust registries are similar, and I've written about them recently in a blog post "Progressive Trust: A New Approach to Building Trust in Decentralized Systems" at https://www.blockchaincommons.com/musings/musings-progressive-trust/

Trust registries may not be able to capture the dynamics of trust-building over time, which can be vital to building trust in complex or evolving systems. Further, trust registries can become outdated or irrelevant as requirements and details change for each party, resulting in gaps that make it difficult to determine the authenticity and reliability of new data with a privacy-breaking “phone home.”

Another important problem is that, to date, trust registries do not treat the risks of all parties equally, or focus on mitigating the risks of those parties with more power to influence the registry, or create a dependence that is likely to be an expensive barrier to entry or only benefits the few.

> Even with highly-distributed trust registries, the costs to maintain them may be high enough that only the biggest orgs can offer them, leaving smaller organizations' requirements behind. Look at a current example: it currently requires a Google-class infrastructure to maintain the current DNS Certificate Transparency lists. There have been proposals to make it more distributed and less burdensome, but Google is not incentivized to do so. I'd love to find an architecture where every party's "trust filters" are easily adaptable and also easily decentralized (not just distributed).

But even with solutions for those first two problems, we still have some additional challenges to address, such as the risk surface of peers sharing trust registries, inadvertent "first mover" advantages of one party's trust anchors overwhelming others because they published first, etc.

P.S. I'm not arguing that this work should move forward as a CCG work item, it should — +1! I'd just like this group to also address these challenges, even if only to document them as some type of "long-term requirement."

-- Christopher Allen

Received on Saturday, 17 December 2022 00:48:25 UTC