Re: How much is it reasonable to generalize from the TruAge implementation? from Filip Kolarik on 2023-11-15 (public-credentials@w3.org from November 2023)

From: Filip Kolarik <filip26@gmail.com>
Date: Wed, 15 Nov 2023 15:03:03 +0100
To: detlef.huehnlein@ecsec.de
Cc: "John, Anil" <anil.john@hq.dhs.gov>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CADRK2_NNH5JNPx+TzBGQUGN+RY60iL+Kt+w_W--EBH6n0Pr9-g@mail.gmail.com>

On Wed, Nov 15, 2023 at 7:46 AM <detlef.huehnlein@ecsec.de> wrote:

> Dear Collegues,
>
> >> I think, if we do our work right, wallets should be considered
> trustless.
> >> Issuers and verifiers should be able to have confidence that they *do
> not >need to trust wallets* to get trust in the VCs and their associated
> >presentations.
> >
> >Interesting. I need to think about this a lot more.
>
> there are private keys corresponding to Verified Credentials within the
> wallet. How can a wallet considered to be "trustless"?
>

Hi,
no private keys should be stored in your wallet, unless your "wallet" acts
as an issuer.

1. an issuer issues/signs a credential for you with issuer's private key
2. a credential holder (you) stores the signed VC in a wallet, the VC
includes verification method in a form of public key

Having self-signed VCs is another topic, but the logic is the same. As has
been pointed out in this thread a couple of times. If VC contains only
information that can be publicly shared, e.g. a VC proving I've attended an
event in person, then the VC can be publicly shared with no issue.

Best,
Filip

> Best Regards,
>    Detlef
>
>
>

Received on Wednesday, 15 November 2023 14:03:20 UTC