ghost
commented
2 years ago I am no expert, but here is my opinion: some application developers might assume that did controllers/users will create dids that only allow for the verification method relationships that the controller/user wants the application to be able to use.
ex: if an application sees that a did contains a key for assertionMethod it might assume it can use it to assert statements the controller/user did not want to assert. the controller/user might not have explicitly asked the application to perform that operation but the application might do it because it thought the user implicitly asked for it.
for that reason I'd like it that all verification method relationships were explicitly stated in dns record(s) so that a user/controller can create a did that is only valid for specific operations. that would reduce the possibility of a mismatch between what the did creator thinks of how the did will be used vs how the app will actually use it.
peacekeeper
The specification currently defines RR patterns for storing public keys, but it doesn't specify their verification relationships (
authentication,assertionMethod, etc.).Should there be an explicit pattern for specifying this, or should a default set of verification relationships be assumed (like e.g. in did:key)?