Closed rhiaro closed 3 years ago
Yes, correct. These sections were written long ago and are now misleading at best and catastrophically wrong at worst. @jandrieu and @talltree -- both of you may want to take a look.
PR #588 has been raised to mark the sections as wrong. We still need a PR to fix this issue.
I agree the sections could be improved. They talk too much about signed DID documents.
But there is also some useful content in there that shouldn't be removed. E.g. to state that 1. a signed DID document doesn't prove control of a DID, and 2. proving control of a DID requires DID resolution, those are two important points to mention.
Paragraph 9.2.2 Proving Control of a Public Key might need to be reviewed, taking inspiration from the Static Data Authentication (SDA) and the Dynamic Data Authentication (DDA) used in the payment industry, and maybe highlight the differences with the static and dynamic methods used by the DID and described in the section. The ICAO (passport) scheme might be a good one too.
The issue was discussed in a meeting on 2021-03-30
The issue was discussed in a meeting on 2021-05-04
PR #738 has been created to address this issue. This issue will be closed once that PR has been merged.
PR #738 has been merged.
@rhiaro please confirm that the PR addressed your concern; if so, mark the issue as cr-comment-resolved-explicit, and then close the issue.
The issue was discussed in a meeting on 2021-05-25
The proving control of DID docs and of public keys subsections in Security Considerations are inaccurate.
We need to fix these ASAP, but this can probably be done during CR as they are not normative.