italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

[Credential Lifecycle - Status Attestation] - Functional Requirements - Issuer #266

Open pietroACN opened 1 month ago

pietroACN commented 1 month ago

The text states: "The issuer Must ... revoke a Digital Credential when ... the Wallet Instance that holds the Digital Credential was issued is revoked;"

It is not clear what the relation is between the Wallet Instance (that may have been revoked and replaced with another version) and the Digital Credential, as the credential validity should be independent from the wallet: the credential is bound to the user Key that may be generated by an external WSCD or remote signing device.

It would be preferable to replace the text with the following: "The issuer Must ... revoke a Digital Credential when ... the cryptographic key material to which the issued Digital Credential is bound is lost or replaced;"

In that case, the following statement should also be replaced with: "Loss of cryptographic key material to which the issued Digital Credential is bound"

peppelinux commented 2 weeks ago

We must introduce actionable items that bring evidence about how this "loss" can be evaluated by the credential issuer.

Checking a revocation of a wallet instance is possible, since the wallet instance attestation would not be valid anymore, making this item explicit, while the "loss of something" doesn't bring any evidence about how it could be evaluated from the issuer side.