Assume you have a DID on your device that is not anchored and it supports key type X. You would like to support a new key type Y. Since you already have VCs etc. issued to the DID, you don't want to create a new DID. You are locked in as long as you can't anchor.
How about allowing the longform to be evolved, by appending new update operations to the end of it (e.g. adding a new key for curve Y)? This would change the longform DID, but since the short form DID is based on the initial create operation, the short form can stay the same. As long as all verifiers always identify based on the short form DID and verify based on the given longform, this should work.
One issue with this that I see is the fact that you could present different versions of a longform DID (like "doublespend"). As long as you are in control of keys, this has neither benefit nor drawback for you or related parties as far as I can tell. But it means that you can never revoke compromised keys with this scheme, since an attacker could always present a version of the longform where the revoke has not been performed. Nonetheless, this is not very different to having a compromised key in the current longform, since you also can't do anything about it. The value of being able to add new key formats is still given.
Thoughts?
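The proposal above, modeled as a simplified sketch (an added example, not part of the original post and not any DID method's actual encoding): the `did:example` method name, the JSON layout and the hash-preimage authorization are assumptions standing in for a real method's signed operations. It shows the short form staying fixed while updates are appended, and an older longform that omits the revocation still verifying with the revoked key active.

```python
import base64, hashlib, json

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(obj) -> str:
    # Canonical JSON (sorted keys, no whitespace) keeps the hash stable.
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return b64(hashlib.sha256(raw).digest())

def short_form(create: dict) -> str:
    # Depends only on the initial create operation, never on later updates.
    return "did:example:" + digest(create)

def long_form(create: dict, updates: list) -> str:
    state = json.dumps({"create": create, "updates": updates}).encode()
    return short_form(create) + ":" + b64(state)

def resolve(did: str):
    """Verify a long form; return (short form, sorted active key ids)."""
    short, _, encoded = did.rpartition(":")
    state = json.loads(unb64(encoded))
    if short_form(state["create"]) != short:
        raise ValueError("create operation does not match short form")
    keys = set(state["create"]["keys"])
    commitment = state["create"]["update_commitment"]
    for op in state["updates"]:
        # Assumption: revealing the committed secret stands in for the
        # signature check a real method would perform on each update.
        if digest(op["reveal"]) != commitment:
            raise ValueError("update not authorized by prior commitment")
        keys = (keys | set(op.get("add", []))) - set(op.get("remove", []))
        commitment = op["next_commitment"]
    return short, sorted(keys)

# Constructed sample data; key ids and secrets are placeholders.
CREATE = {"keys": ["key-X"], "update_commitment": digest("secret-1")}
ADD_Y = {"reveal": "secret-1", "add": ["key-Y"],
         "next_commitment": digest("secret-2")}
REVOKE_X = {"reveal": "secret-2", "remove": ["key-X"],
            "next_commitment": digest("secret-3")}
CURRENT = long_form(CREATE, [ADD_Y, REVOKE_X])   # holder's latest version
STALE = long_form(CREATE, [ADD_Y])               # same DID, revoke omitted

if __name__ == "__main__":
    for name, did in (("current", CURRENT), ("stale", STALE)):
        print(name, *resolve(did))
```

A verifier that sees only the presented longform cannot tell `STALE` from `CURRENT`, so a relying party that needs revocation has to consult anchored state or reject unanchored DIDs for that use.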