- From: <steve.e.magennis@gmail.com>
- Date: Tue, 14 Nov 2023 18:02:17 -0800
- To: "'John, Anil'" <anil.john@hq.dhs.gov>, "'W3C Credentials Community Group'" <public-credentials@w3.org>
> I think, if we do our work right, wallets should be considered trustless. This thought has been bugging me all day. If someone drops a credential in my lap - regardless of where it came from or how it got to me - I should be able to convince myself of the accuracy of the entity that issued the credential and that what I now have in my possession has not been adulterated in transit. That said, in practice unless we expect verifiers to get down to the byte level to make trust decisions, the code and devices that abstract the low level cryptographic detail and interchange protocols needs to exist in some sort of trust framework. That framework could be a technically recursive trust framework, but I think it could just as easily be something like a trust mark, a brand name or even the existence of reasonable legal recourse to make a party whole (to the extent possible) if damage is done. Presumably, there would be some set of standards and compliance backing up any of these trust frameworks (that themselves would be subject to the question about recursive trust - but in large measure as end consumers we tend to look to trust marks to provide enough assurance so that we don't have to do a lot of due diligence upstream of them). Arguably, in order of the importance of trusted code and devices it may be that verifiers warrant the greatest consideration, followed by holders then issuers. The argument being that verifiers have the least involvement in the content and transit of a credential and therefore the greatest exposure to using the information. $0.02 -----Original Message----- From: John, Anil <anil.john@hq.dhs.gov> Sent: Tuesday, November 14, 2023 11:09 AM To: W3C Credentials Community Group <public-credentials@w3.org> Subject: RE: How much is it reasonable to generalize from the TruAge implementation? > I think, if we do our work right, wallets should be considered trustless. > Issuers and verifiers should be able to have confidence that they *do not need to trust wallets* to get trust in the VCs and their associated presentations. Interesting. I need to think about this a lot more. It reminds me of an approach that implements capabilities that ensure that opaque data blobs (while traveling or at rest) be self-protecting regardless of where it is physically located. Best Regards, Anil Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
Received on Wednesday, 15 November 2023 02:02:26 UTC