Closed dmitrizagidulin closed 4 years ago
Is setting the controller to the DID always the behavior we want when providing our own keys? My memory may be wrong, but I thought that keys generated in a KMS were bound to an account, the controller of the key. This code seems to destroy the relationship between accounts, the controller of keys in KMSs, and the keys found inside of a KMS.
@dmitrizagidulin @mattcollier @dlongley
@gannan08 hmmm yeah, I think I'll change it so that the logic is "if the key doesn't have a controller, use the current DID".
@gannan08 come to think of it, same logic should apply to existing Key IDs. Should be fixed now.
KMS relationships are with private keys -- I'm not sure why they are being brought up here but I admit I'm not paying very close attention. The controller expressed in a DID Document for a public key should be the DID. Any private key mapping/controller information should not be exposed in a DID Document and is not relevant to verifiers that use the public key.
@gannan08 @dlongley - should be fixed now, controllers are enforced to the DID, key IDs are preserved but initialized to did + fingerprint if missing.
(Fix to work with latest chipmunk release).