- From: Steve Capell <steve.capell@gmail.com>
- Date: Mon, 7 Mar 2022 07:14:49 +1100
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials@w3.org
Thanks Manu for taking the time to respond Point taken about HSMs with did:key - will look into it “ Never publish via a DID Document service endpoint what you can communicate with a VC. Digital Bazaar is coming to the conclusion that service endpoints were probably not a good idea for the use cases it was envisioned to be used for. That doesn't mean it's useless, just that we should've used VCs to address most of the "service endpoint" use cases.” - is that because you want to avoid any identity correlation concerns? That’s understandable but what if the use case is specifically to allow correlation of a did to a public identity ? I suppose there is an attack vector where someone uses that did as the subject of a vc without a subsequent vc / vc that proves ownership of that did Steven Capell Mob: 0410 437854 > On 7 Mar 2022, at 1:26 am, Manu Sporny <msporny@digitalbazaar.com> wrote: > > Never publish via a DID Document service endpoint what you can communicate > with a VC. Digital Bazaar is coming to the conclusion that service endpoints > were probably not a good idea for the use cases it was envisioned to be used > for. That doesn't mean it's useless, just that we should've used VCs to > address most of the "service endpoint" use cases.
Received on Sunday, 6 March 2022 20:15:06 UTC