-
Notifications
You must be signed in to change notification settings - Fork 45
Standardize the key revocation list #96
Comments
@satazor wrote:
Yes, absolutely agree. There are two strategies we could employ here. The first is to make sure that revoked keys will exist in the DID Document at all times. The second is to use revocation lists. Assuming we go with the first strategy, any revoked key will have one of three properties (still under discussion):
It may be beneficial to do multiple of those properties together. Option 2 may come out of the work on status lists (revocation is a particular subclass of status list): https://w3c-ccg.github.io/vc-csl2017/ So, keys could have status lists associated with them:
... the downside here being that it takes just as many properties for the indirection than it does to directly embed that the key has been revoked in the key description. |
I think we will have several situations like this, where features of the DID document should be standardized but remain optional (because not all DID methods may support this). Besides key revocation, another example is versioning. |
Related to #166 and w3c/did-resolution#37 |
Closing as we have adopted this issue in the new DIDWG repo. |
Currently the specs state:
This means that is up to each DID method spec to specify how to obtain the revoked keys list. The issue is that the data structure for this list is not enforced, reducing the interoperability of the data model for that list.
In my view, it's important to standardize the data model of the revocation list. The reason is that there are many use-cases where we might want to verify signatures of arbitrary data that was signed by identities. To do just that that we must:
It will become a mess for app developers if we don't have a standardized and well defined revocation list. More specifically, app developers we would need to create "adapters" to build a canonical data model of the revocation list.
Thanks.
The text was updated successfully, but these errors were encountered: