Re: How much is it reasonable to generalize from the TruAge implementation?

On Wed, Nov 15, 2023 at 7:46 AM <detlef.huehnlein@ecsec.de> wrote:

> Dear Collegues,
>
> >> I think, if we do our work right, wallets should be considered
> trustless.
> >> Issuers and verifiers should be able to have confidence that they *do
> not >need to trust wallets* to get trust in the VCs and their associated
> >presentations.
> >
> >Interesting. I need to think about this a lot more.
>
> there are private keys corresponding to Verified Credentials within the
> wallet. How can a wallet considered to be "trustless"?
>

Hi,
no private keys should be stored in your wallet, unless your "wallet" acts
as an issuer.

1. an issuer issues/signs a credential for you with issuer's private key
2. a credential holder (you) stores the signed VC in a wallet, the VC
includes verification method in a form of public key

Having self-signed VCs is another topic, but the logic is the same. As has
been pointed out in this thread a couple of times. If VC contains only
information that can be publicly shared, e.g. a VC proving I've attended an
event in person, then the VC can be publicly shared with no issue.

Best,
Filip



> Best Regards,
>    Detlef
>
>
>

Received on Wednesday, 15 November 2023 14:03:20 UTC