w3c / did-core

W3C Decentralized Identifier Specification v1.0
https://www.w3.org/TR/did-core/

Proving Control sections are wrong #583

Closed rhiaro closed 3 years ago

rhiaro commented 3 years ago

The proving control of DID docs and of public keys subsections in Security Considerations are inaccurate.

We need to fix these ASAP, but this can probably be done during CR as they are not normative.

msporny commented 3 years ago

Yes, correct. These sections were written long ago and are now misleading at best and catastrophically wrong at worst. @jandrieu and @talltree -- both of you may want to take a look.

msporny commented 3 years ago

PR #588 has been raised to mark the sections as wrong. We still need a PR to fix this issue.

peacekeeper commented 3 years ago

I agree the sections could be improved. They talk too much about signed DID documents.

But there is also some useful content in there that shouldn't be removed. E.g. to state that 1. a signed DID document doesn't prove control of a DID, and 2. proving control of a DID requires DID resolution, those are two important points to mention.

ktobich commented 3 years ago

Paragraph 9.2.2 Proving Control of a Public Key might need to be reviewed, taking inspiration from the Static Data Authentication (SDA) and the Dynamic Data Authentication (DDA) used in the payment industry, and maybe highlight the differences with the static and dynamic methods used by the DID and described in the section. The ICAO (passport) scheme might be a good one too.

iherman commented 3 years ago

The issue was discussed in a meeting on 2021-03-30

#### 5.5. Proving Control sections are wrong

_See github issue [#583](https://github.com/w3c/did-core/issues/583)._

**Brent Zundel:** Assigned to Amy, but I don't see her. manu or markus_sabadello?

**Manu Sporny:** Amy is going to do it

iherman commented 3 years ago

The issue was discussed in a meeting on 2021-05-04

#### 7.1. Proving Control sections are wrong

_See github issue [#583](https://github.com/w3c/did-core/issues/583)._

**Brent Zundel:** There has been a bit of conversation. Need a PR to fix issue.

**Manu Sporny:** General statement: I triaged issue this past weekend, marked everything that was a CR comment. Marked anything ready for a PR as ready for PR.
… Almost every one except 2 or 3 are ready for PR.

> *Amy Guy:* brent, I'm looking at 583 but I think I'll need help. Will ping people.

**Brent Zundel:** If you haven't and always wanted to write a PR for a specification, we have a number of issues to choose from, and I encourage you to do so.

msporny commented 3 years ago

PR #738 has been created to address this issue. This issue will be closed once that PR has been merged.

msporny commented 3 years ago

PR #738 has been merged.

@rhiaro please confirm that the PR addressed your concern; if so, mark the issue as cr-comment-resolved-explicit, and then close the issue.

iherman commented 3 years ago

The issue was discussed in a meeting on 2021-05-25

#### 3.7. Proving Control sections are wrong

_See github issue [#583](https://github.com/w3c/did-core/issues/583)._

**Manu Sporny:** The PR is in and has been merged, and I am waiting for Amy to see if it addressed her concern

**Brent Zundel:** There are currently 15 open PRs that are all editorial
… I encourage WG members to go in and review and approve (or improve)
… the editors rely on our review to know when they can go forward with a merge
… thank you everyone for your hard work; it is a pleasure to work with you
… NO SPECIAL TOPIC CALL this week
… next meeting is June 1