Vigas, if you want more insight into the vulnerability of the DID doc (and how to address it), I recommend this blog post<https://www.trustoverip.org/news/2023/12/15/announcing-public-review-of-the-didwebs-method-specification/> that explains the purpose of the did:webs method task force at ToIP. Best, =Drummond From: Vigas Deep <vigasdeep@gmail.com> Date: Wednesday, February 14, 2024 at 9:26 AM To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>, public-did-wg@w3.org <public-did-wg@w3.org> Subject: [EXT] Re: [Potential Malicious Mail]Re: Query: Storing DID Documents on Centralized Platforms On Wed, Feb 14, 2024 at 1:33 PM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote: > > so anyone with access to that storage could change the did doc, unless the particular method itself requires the doc to be signed by a/the controller. I think did:web is vulnerable and there may be others. > Rieks, Can you kindly share more details on why you think this is vulnerable, any links or details? anything works, but I'll do my homework on this too. -- Vigas Deep [W] | https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvigasdeep.com%2F&data=05%7C02%7Cdrummond.reed%40gendigital.com%7Cdeaff0ee7a07424c913208dc2d8215a7%7C94986b1d466f4fc0ab4b5c725603deab%7C0%7C0%7C638435283935128844%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sBXoKHPqN%2B0o1ss%2FqiAVgyI6boN883UhwJBSvcp1wJ0%3D&reserved=0<https://vigasdeep.com/> [M] | +91-9815-400-807
Received on Wednesday, 14 February 2024 17:45:51 UTC