Ensure trust in the server is minimised when verifying a root DID on mobile - Githubissues

alan-turing-institute / trustchain-mobile

A reference credential wallet built on Flutter and DIDKit.

https://spruceid.dev/docs/credible

Apache License 2.0

0 stars 1 forks source link

Ensure trust in the server is minimised when verifying a root DID on mobile #54

Open thobson88 opened 1 year ago

thobson88 commented 1 year ago

The model for root DID verification on mobile should be:

request verification bundle (for candidate root DID) from server
use bundle to verify DID timestamp
validate PoW
check timestamp against configured root event date & confirmation code.