Closed msporny closed 2 years ago
unclear what changes need to be accepted to see this merged.
@OR13 - I'd like the warnings to be more specific. (discussing this with @msporny)
PR is stale and should be closed.
Yes, it's stale. If we close this, the text should be preserved and integrated into the new spec.
https://github.com/w3c-ccg/did-method-web/issues/29
This PR should be closed if the requested changes cannot be implemented in a timely manner.
@dmitrizagidulin @awoie I recommend adding a "pending-close" / 1 week tag.
@msporny this PR has conflicts and changes requested, if they are not addressed in 1 week it will be closed, if you wish for these concerns to be addressed, please open issues to track them.
Closing the PR, feel free to open another one at any time.
@msporny +1 to this PR overall (we've been meaning to add this section for a while).
We should get more specific with the warnings, though.
The "when and where every did:web DID ... is used" is not quite right. We should say something more like:
"For example, the verification of a Verifiable Presentation might result in a verifier resolving a did:web DID. As with any HTTP request, this resolution enables the Verifiable Data Registry (the server where the DID is hosted) to track a number of things, both about the verifier and the DID itself. (Incidentally, these concerns apply to any DID methods accessed through an http-based Universal Resolver of any sort hosted on a public website.)
DID:
Verifier:
User-Agent
(as well as any other HTTP headers), which often enables browser fingerprinting attacks.