decentralized-identity / .well-known

Specs and documentation for all DID-related /.well-known resources
https://identity.foundation/.well-known
Apache License 2.0

Make expirationDate in Domain Linkage Credential optional #49

Closed mudiali closed 3 years ago

mudiali commented 3 years ago

Re: https://identity.foundation/.well-known/resources/did-configuration/#domain-linkage-credential

Currently, the expirationDate member is a MUST within the Domain Linkage Credential, which does not make sense for entities who do not want to manage the well-known document's lifecycle. Companies may want to add the document and just keep it there without having to worry about monitoring the status of the document. If they fail to update the document, then their DID-to-domain link breaks.

Making it optional makes sense, as it allows entities who do want it to add it.

OR13 commented 3 years ago

I'm not sure a never expiring domain link credential is a good security idea.

Consider that this approach already relies on HTTPS with TLS certs that expire.

If you want it to "never expire"... set the date to 2090 or some time very far in the future.

OR13 commented 3 years ago

I am closing this; it's a bad idea from a security perspective, and it makes interop with VC formats harder.
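As an added illustration of the trade-off discussed in this thread (not code from the spec, the repository, or either commenter): a verifier-side check in Python that treats a missing `expirationDate` as a failure and also flags a date set decades ahead, which is the "2090" workaround in practice. The `MAX_VALIDITY` policy, the finding labels, `NOW` and the sample credentials are assumptions constructed for this example; signature and origin checks are out of scope here.

```python
from datetime import datetime, timedelta, timezone

# Assumption: a local verifier policy, not something the spec or the thread defines.
MAX_VALIDITY = timedelta(days=398)

# Constructed reference time so the example is deterministic.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def _parse(ts):
    """Parse an XML Schema dateTime such as 2024-06-01T00:00:00Z into UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("timestamp carries no timezone")
    return dt.astimezone(timezone.utc)


def check_expiration(credential, now=NOW):
    """Return a list of finding labels; an empty list means the check passed."""
    raw = credential.get("expirationDate")
    if raw is None:
        # The member is a MUST, so absence is a hard failure, not "never expires".
        return ["missing"]
    try:
        expires = _parse(raw)
    except (ValueError, AttributeError, TypeError):
        return ["malformed"]
    findings = []
    if expires <= now:
        findings.append("expired")
    elif expires - now > MAX_VALIDITY:
        # Syntactically valid, but effectively a never-expiring domain link.
        findings.append("validity-too-long")
    return findings


# Constructed sample credentials (only the member under discussion is shown).
SAMPLES = {
    "no-expiry": {"issuanceDate": "2023-12-01T00:00:00Z"},
    "year-2090": {"expirationDate": "2090-01-01T00:00:00Z"},
    "stale": {"expirationDate": "2023-06-01T00:00:00Z"},
    "ok": {"expirationDate": "2024-06-01T00:00:00Z"},
    "garbage": {"expirationDate": "never"},
}

if __name__ == "__main__":
    for name, cred in SAMPLES.items():
        print(name, check_expiration(cred) or "pass")
```

Whether a far-future date is rejected or only logged is a deployment decision; the check keeps the two conditions separate so either policy can be applied.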