Closed iFergal closed 1 year ago
This is an interesting one to chat about.
I'm not sure if this means you can remove a key by ID, and then in a second operation add a new key with the same ID.
Today, the spec does not allow re-adding the same key ID. Using the terminology revoke vs rotate, we support key revocation but not rotation.
As I commented in the other issues, we like to take note of feature requests. A priori, what I can see is that adding key rotation would require relatively big changes to the spec. In particular, if we want to support historical queries as you raised in #43.
I will close the issue to keep a cleaner view of the active issues. We can re-open if needed.
The spec does not allow for key rotation but only key removal+key replacement (in one tx). (See https://github.com/w3c/did-core/issues/386 and https://www.w3.org/TR/did-core/#verification-method-rotation)
https://github.com/input-output-hk/prism-did-method-spec/blob/b3f38aeb77cecac86c2865eb2c22934ae27e1181/w3c-spec/PRISM-method.md?plain=1#L652
But if you can't, I think it would be useful! The semantics of what this means might vary but a key rotation should probably not change the ID of the verificationMethod but just the key material associated with that verificationMethod ID. (This requires historical DIDs (#43) to make sense)
Whereas a key revocation would specifically mean the removal of that verification method key ID from the DID document. (possibly not be allowed to re-add it if it was in the history then)
This allows 3rd parties to make the decision what rotated vs revoked means to them - revocation could imply a key was knowingly stolen so should not be trusted whereas a rotation might be periodic. That is up for debate but having support for it at least would be good (I think :D)!