Closed mudiali closed 3 years ago
I'm not sure a never expiring domain link credential is a good security idea.
Consider that this approach already relies on HTTPs with TLS certs that expire.
If you want it to "never expire"... set the date to 2090 or some time very far in the future.
I am closing this, its a bad idea from a security perspective, and it makes interop with VC formats harder.
Re: https://identity.foundation/.well-known/resources/did-configuration/#domain-linkage-credential
Currently, the
expirationDate
member is a MUST within the Domain Linkage Credential which does not make sense for the entities who do not want to manage the well known document's lifecycle. Companies may want to add the document and just keep it there without having to worry about monitor the status of the document. If they miss to update the document then their DID-to-domain link breaks.Making it optional makes sense as it allows for entities who do want it can then add it.