Closed AxelNennker closed 5 years ago
This PR is stuck at present, waiting for @AxelNennker to make changes or suggest alternatives.
Hi @msporny was surprised that this PR was stuck. I added your proposal to this PR and a security note regarding signature validation.
This should be addressed by the DID Resolution spec: https://github.com/w3c-ccg/did-resolution/
Resolvers MUST NOT return DID Document properties if signature validation fails
Based on Example 4 in https://w3c-ccg.github.io/did-spec/#did-subject, is there a strict requirement for a DID Document to be signed to be considered a valid DID Document?
EXAMPLE 4
{
"id": "did:example:21tDAKCERh95uGgKbJNHYp"
}
@mwherman2000 There is no requirement for a DID Document to be signed, and it is very important to understand that a signature on a DID Document does NOT prove that it is (or ever was) the correct DID Document for a given DID. The only way to ensure that is to go through the DID Resolution process. See Binding of Identity.
Just created issue https://github.com/w3c-ccg/did-resolution/issues/13 so we can also track this topic over there in the DID Resolution spec.
Closing. Thanks, Markus!
Resolvers MUST NOT return DID Document properties if signature validation fails
Preview | Diff