Revocation and No Phone Home from Stephen Curran on 2025-06-02 (public-credentials@w3.org from June 2025)

From: Stephen Curran <swcurran@cloudcompass.ca>
Date: Mon, 2 Jun 2025 10:09:48 -0700
To: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAFLTOV6oopTvqk2eKywjpGngcgxFrK5WNPiOKyVfSK+6cOjHUw@mail.gmail.com>

A challenge with the "No Phone Home" requirement (which I fully support)
arises with the need for "near real time" revocation -- ideally with
unlinkability.  While an unrevocable VC is easily used without a phone home
call, when the holder and/or verifier need to get near real time revocation
data published by the issuer, there may be a need to collect that data from
either the issuer or a central location.

My question: What is the benchmark for retrieving revocation data such that
it is not considered “phoning home”?

For example, if a revocation registry (such as Status List) has a minimum
size of the entire VC population or at least 125k VCs, is that sufficient
(as mentioned in the BitString Status List standard --
https://www.w3.org/TR/vc-bitstring-status-list/#conceptual-framework) to
avoid “phone home” concerns?

There are other mitigations worth considering:

   - Verifiers should only request revocation status when necessary.
   - Verifiers could accept a bounded age for a proof of non-revocation
   (e.g., “not revoked in the past two weeks”).
   - Issuers could publish revocation schedules or patterns to reduce the
   need for frequent checks.

What other techniques or considerations can help meet both the “no phone
home” requirement and the need for revocation support?

-- 

Stephen Curran
Principal, Cloud Compass Computing, Inc.

Received on Monday, 2 June 2025 17:10:15 UTC