Re: [Potential Malicious Mail]Re: Query: Storing DID Documents on Centralized Platforms from Vigas Deep on 2024-02-14 (public-did-wg@w3.org from February 2024)

From: Vigas Deep <vigasdeep@gmail.com>
Date: Wed, 14 Feb 2024 22:56:07 +0530
To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>, public-did-wg@w3.org
Message-ID: <CAD2JkMqCDg7ekH=9E6pp2erSovcy4Zn1y=D6kH=vJxNdJQ2VGA@mail.gmail.com>

On Wed, Feb 14, 2024 at 1:33 PM Joosten, H.J.M. (Rieks)
<rieks.joosten@tno.nl> wrote:
>
> so anyone with access to that storage could change the did doc, unless the particular method itself requires the doc to be signed by a/the controller. I think did:web is vulnerable and there may be others.
>

Rieks,

Can you kindly share more details on why you think this is vulnerable,
any links or details? anything works, but I'll do my homework on this
too.


-- 
Vigas Deep
[W] | https://vigasdeep.com
[M] | +91-9815-400-807

Received on Wednesday, 14 February 2024 17:26:25 UTC