W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

From: Joe Andrieu <joe@legreq.com>
Date: Tue, 22 Mar 2022 12:04:30 -0700
Message-Id: <58a4ec47-bde4-432b-8be8-f3bea3c1a866@www.fastmail.com>
To: "Orie Steele" <orie@transmute.industries>, "David Longley" <dlongley@digitalbazaar.com>
Cc: "Credentials Community Group" <public-credentials@w3.org>
On Tue, Mar 22, 2022, at 9:31 AM, Orie Steele wrote:
> Great news! 
> You can choose from 3 browsers and 4 operating systems.

Funny, I use a dedicated hardware device for my wallet. Seems you aren't thinking through how these cryptographic systems actually secure themselves.

Yes, if you want to defer to keeping keys on a general purpose computer, you get stuck in the security and trust issues of those platforms. Just like horse-drawn carriages were stuck with the problems of managing horses.

Decentralized cryptographic tools are a lot like automobiles. Basically nobody had them before they were invented and we had to simultaneously develop cars as a new transportation mechanism along the same rights of way, even in a world dominated by horses. Yes, decentralized cryptography has its issues, but they are not the same issues as those systems which defer to a central authority. So, yes, if you try to build your decentralized identity solutions in a manner that is secured by your desktop or laptop or even phone, you are limited to the trust & security of those platforms. So don't do that.

Instead, I encourage you to help us define these systems to avoid that trust bottleneck wherever it can be. Use a ledger. Or a Yubikey. Or a LetheKit if you're advanced enough.

Standards that leverage this new architecture are definitely forward looking, a bit like planning an interstate highway system before the Model T was released. It seems crazy and has so many questions you can barely get started. Eventually we'll figure out how different vehicles can interoperate in a decentralized way: what signage is important, what functionality is required for safety, how to insure against risk, and even where we are going to build all the necessary gas stations. That's the work. Our work.

Sounds like you're giving up the fight before you even tried, Orie.

There are ways to build out this ecosystem that don't rely on trusted third parties. Help us with that work and we can go far. No system is perfect, but any system can be made better. The fundamental thesis of this work is that liberty matters more than the harmony of centralized authority. I'll stand on that principle against unnecessary centralization every time.

In contrast, if you attempt to co-op the work to enshrine centralized power dynamics, you'll pull us into debates and arguments you cannot win, because *we* know we don't need those kinds of solutions and that is why we are here. It *is* a hill we are willing to die on. 

Are you willing to do the same to argue we should just accept BigTech as our trusted overseers?

Because if you are we might just both die on this hill rather than actually ship standards that change the world.


> "Wallet Apps" rely on trust in these in order to do anything related to security!
> "Wallet Apps" outside the OS layer will always be less trustworthy, and OS providers can leverage their control of the OS layer to create wallet capabilities that no app could ever achieve.
> Then binding directly to the OS capabilities they can ensure that no market for "wallet apps" exists.
> The OS is the original wallet... If you don't control the OS, and the hardware... your identity is just rented to you.
> Sometimes being root is a good thing.
> OS
> On Tue, Mar 22, 2022 at 11:22 AM Dave Longley <dlongley@digitalbazaar.com> wrote:
>> On 3/22/22 1:53 AM, Joe Andrieu wrote:
>> > Hmmm...
>> > 
>> > How is my wallet incentivized to falsify my consent?
>> > 
>> > That's seems like worrying about revolvers that are incentivized to
>> > misfire. Once it becomes known that a particular revolver has poor
>> > performance characteristics, people will stop buying it. Problem solved.
>> > Companies are always going to have varying quality in their products.
>> > Choose wisely.
>> > 
>> > If a wallet is compromised, you're screwed. Period. Trusting your wallet
>> > is fundamental to being able to trust anything in the system.
>> +1
>> This is also why wallet choice is essential. If users don't have the
>> freedom to choose their wallets, this feedback loop gets messed up. So,
>> if we are worried about wallets mistreating their users -- then the
>> solution is to ensure that users have the freedom to choose whatever
>> wallet they want.
>> -- 
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
> -- 
> Chief Technical Officer
> www.transmute.industries

Joe Andrieu, PMP                                                                              joe@legreq.com
LEGENDARY REQUIREMENTS                                                        +1(805)705-8651
Do what matters.                                                                            http://legreq.com <http://www.legendaryrequirements.com/>
Received on Tuesday, 22 March 2022 19:05:08 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC