- From: Amir Hameed <amsaalegal@gmail.com>
- Date: Thu, 19 Mar 2026 19:04:32 +0530
- To: Greg Bernstein <gregb@grotto-networking.com>
- Cc: public-credentials@w3.org
- Message-ID: <CANGYBszbTvpf-_Gv2tzB7jCybgj01-VtSMkHZAv5pF5rLeHwfA@mail.gmail.com>
Hi Greg, Really appreciate it. I agree—key compromise detection is too often treated as an afterthought when it should be central to both safety and continuity planning. I see a clearly shared interest, would you be open to contributing your thoughts more directly? I'd love to hear how you're approaching detection in practice—whether it's an audit, anomaly patterns you're watching, or how you're adapting as NIST guidance evolves. Your perspective would add real value to the discussion. Cheers, Amir On Thu, 19 Mar 2026 at 05:04, Greg Bernstein <gregb@grotto-networking.com> wrote: > Hi Amir, will to help too. Key management gets discussed in the security > section of all the cryptosuites and I’ve been following the updates to the > NIST specs in this area. Also interested in the area of detecting key > compromise which is somewhat related. > > Cheers > > Greg B. > > On 3/18/26 00:42, Amir Hameed wrote: > > Hi All > > In view of the DID Key recovery extension work item proposal , is mailing > list sufficient to express interest for adoption of work item or I need to > put it as issue on CCG GitHub repo. > > Regards > Amir Hameed > > On Thu, 12 Mar 2026 at 1:20 PM, Amir Hameed <amsaalegal@gmail.com> wrote: > >> Dear CCG Members, >> >> Two weeks ago I shared the draft specification for *DID-KR: Key Recovery >> Extension for Decentralized Identifiers* for community review and >> feedback. >> >> Thank you to everyone who took the time to review the proposal and >> contribute to the discussion. The feedback from members of the group has >> been very helpful in refining the direction of the specification and >> validating the problem space around decentralized identity key recovery. >> >> The DID-KR proposal introduces a recovery verification relationship for >> DID Documents and specifies multiple recovery mechanisms, including: >> >> • Social guardian-based recovery using verifiable secret sharing and >> zero-knowledge proofs >> • Deterministic seed-based recovery mechanisms >> • MPC-mediated recovery suitable for enterprise or infrastructure >> deployments >> >> The goal of the specification is to provide a standardized and >> interoperable approach to recovering control of decentralized identifiers >> when private keys are lost, while maintaining the self-sovereign principles >> of decentralized identity. >> >> The draft specification and issue tracker are currently hosted at Issues >> · sirraya-labs/did-kr <https://github.com/sirraya-labs/did-kr> and are >> open for community participation and contributions. >> >> Specification repository: >> https://github.com/sirraya-labs/did-kr >> >> Given the discussion and the interest expressed in exploring >> implementations, I would like to formally propose that the *DID-KR Key >> Recovery Extension* be adopted as a work item of the Credentials >> Community Group. >> >> I would be happy to serve as editor for the specification and coordinate >> with members of the community interested in reviewing, improving, or >> experimenting with implementations of the proposal. >> >> Implementers and contributors interested in exploring prototype >> implementations or interoperability considerations are very welcome to >> participate. >> >> Thank you again to the community for the constructive feedback and >> discussion. >> >> Best regards, >> >> Amir Hameed Mir >> > -- > ------------------------------ > > Dr. Greg M. Bernstein, https://www.grotto-networking.com > ​ >
Received on Thursday, 19 March 2026 13:34:48 UTC