- From: Alex Tweeddale <alex@cheqd.io>
- Date: Tue, 27 Sep 2022 10:42:29 +1000
- To: public-credentials@w3.org
- Message-ID: <CAHBQp8UAeGBNb=K0b5tvQ7k_JPxHvYWF2D+NR87AYjp0xpkDJQ@mail.gmail.com>
Hey CCG folks 👋 I'm currently doing some research into Status List 2021 and I have a couple of questions around its implementation. I was hoping one of you might be able to help: *1. Minimum bitstring length and herd privacy* I understand that there is a minimum bitstring length/size <https://w3c-ccg.github.io/vc-status-list-2021/#revocation-bitstring-length> in order to preserve the privacy of Holders and make it harder for an issuer to correlate which Holders are using their Credentials and when they are using them. I am curious as to why the number 131,072 was chosen, and also at what point it is recommended that this length should be extended. For example, after 10,000 Credentials have been issued and assigned to bitstring values within this Status List, should the length of this bitstring be extended accordingly and scale with the number of issued Credentials? *2. Centralization of the bitstring* Using a Verifiable Credential hosted by the issuer to store the entire bitstring seems to be a single point of failure for the ecosystem. I note that there are suggestions to perhaps use a Content Delivery Network and caching to remove this reliance on requests to a single server. Is there a desire to store the Status List on a Verifiable Data Registry as a resource? At cheqd, we've recently developed our resource module <https://docs.cheqd.io/identity/ledger-resources/creating-a-resource> which would be capable of storing/identifying a Status List with a unique DID URL, associated with a DID Document. Using this model, the Status List could be retrieved using a DID Resolver, and this would remove any relationship needed between an issuer and a verifier. I've put together a draft document on how this resource module could extend to supporting Status List 2021 from a technical perspective <https://docs.cheqd.io/identity/ledger-resources/using-on-ledger-resources-to-support-statuslist2021>. I'd be really keen to hear the community's thoughts on whether this is a good idea, or whether this could lead to further privacy risks. Looking forward to hearing feedback / suggestions / warnings -- Alex Tweeddale Governance & Compliance Lead Schedule a meeting <https://calendly.com/alex-tweeddale/introductory-call> cheqd.io <https://www.cheqd.io/> | Twitter <https://twitter.com/cheqd_io> | LinkedIn <https://linkedin.com/company/cheqd-identity> | Telegram <https://t.me/cheqd>
Received on Tuesday, 27 September 2022 00:42:54 UTC