Ensure that time stamps are properly linked to identity assertion signatures

creator-assertions / identity-assertion

Creator Assertions Working Group :: Identity Assertion

https://creator-assertions.github.io/identity/

Other

3 stars 5 forks source link

Ensure that time stamps are properly linked to identity assertion signatures #54

Open scouten-adobe opened 4 months ago

scouten-adobe commented 4 months ago

@OR13 raised the issue that signatures can be back-dated without some form of counter-signature that verifies time of issuance.

Adding this issue to ensure we address that before VC portion of spec is approved.

scouten-adobe commented 4 months ago

@OR13 my sense is this is sufficiently covered by the recommendation to use RFC 3161 countersignatures when doing COSE signatures. Based on that, I'm assigning this to the 1.x-add-w3c-vc milestone. Do you agree?

OR13 commented 4 months ago

I'd prefer to see CDDL, and EDN examples for how to include the timestamps.

There is also https://datatracker.ietf.org/doc/html/rfc9338

I'm not sure what the objective is here, so it's hard to know if it's been accomplished.

It can probably be addressed later.