italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

[Status Attestation HTTP Response] - Status Code #340

Open pietroACN opened 6 days ago

pietroACN commented 6 days ago

In the actual description of the Status Attestation HTTP Response Status Codes, we have the description of the status "404 Not Found" set as "The Digital Credential can not be found by the Issuer." here

I would suggest improving the description by including in this return code the cases of "credential_revoked" and "credential_updated", thus changing the description as follows: "The Digital Credential can not be found by the Issuer, or the Status Attestation cannot be issued because the credential has been revoked or updated."

peppelinux commented 3 days ago

We already had this conversation: providing additional information may give the possibility to do information gathering.

pietroACN commented 3 days ago

Thus the wallet will not be able to return to the user any information on why the status attestation cannot be issued. As the entire flow is protected by HTTPS, tracking these details would be difficult: unlocking/breaking HTTPS in this case would be costly in relation to the outcome (disclosing this information) and I believe that these additional details are protected enough from any data interception.