w3c / vc-bitstring-status-list

A privacy-preserving mechanism to publish status information for Verifiable Credentials.
https://w3c.github.io/vc-bitstring-status-list/

caching status lists as a mitigation for identifying when the holder visited a verifier #144

Closed npdoty closed 5 months ago

npdoty commented 6 months ago

Caching is suggested as a potential mitigation for hiding when a holder visited a verifier. Caching recommendations to verifiers could use normative guidance.

msporny commented 6 months ago

Ok, we can add some normative guidance noting that verifiers SHOULD cache the result.

iherman commented 6 months ago

The issue was discussed in a meeting on 2024-03-13

#### 2.1. caching status lists as a mitigation for identifying when the holder visited a verifier (issue vc-bitstring-status-list#144)

_See github issue [vc-bitstring-status-list#144](https://github.com/w3c/vc-bitstring-status-list/issues/144)._

**Manu Sporny:** PING wants normative guidance on caching behavior on status list.

> *Dmitri Zagidulin:* (yeyyy normative guidance!).

**Manu Sporny:** if we put MUST we need to test it; Not sure how we would test it in this group.
… best we can say is SHOULD cache rather than MUST.

> *Dave Longley:* +1 to SHOULD.

> *Dmitri Zagidulin:* +1 to SHOULD.

**Manu Sporny:** would prefer SHOULD.

**Brent Zundel:** why don't we simply ask implementers whether they do cache. It is a lame test, but may work.

**Ivan Herman:** agree with you. The goal of testing is to see if the recommendation is implementable...

**Brent Zundel:** other comments on this issue?

**Manu Sporny:** Fine, but concerned with precedent.
… Maybe the way we implement this is to add a field to each implementation's implementation config file... "iCacheStatusListsISwear": true.

**Brent Zundel:** I hear the concern. This group has had a commitment to developing solid test suites. I think we are okay.

> *Manu Sporny:* I agree with Brent's analysis.

**Paul Dietrich:** arguing MUST may be too restrictive.

> *Manu Sporny:* I also agree with Paul's concern.

> *Dave Longley:* "yes, my implementation caches when `validUntil` is present".

**Brent Zundel:** editors of bitstring stat list, do you have what you need?

**Manu Sporny:** yes.

> *Dave Longley:* +1 to pauld_gs1's concerns, I think we don't want to lock in caching rules either.

> *Dave Longley:* (i.e., it would be good to allow better caching rules over time with experience).

**Manu Sporny:** I'll take a shot at caching rules, with a MUST and otherwise will back off to a SHOULD.

**Brent Zundel:** could have a MUST with recommended caching rules.

> *Dave Longley:* +1 to something like what Brent said around caching rules.

msporny commented 5 months ago

PR #153 has been raised to address this issue. This issue will be closed once PR #153 has been merged.

msporny commented 5 months ago

PR #153 has been merged, closing.
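
A verifier-side cache of the kind this issue discusses, as an added example that is not part of the thread, PR #153 or the specification. It assumes the verifier reuses a fetched status list until its `validUntil` and does not cache a list without one; `StatusListCache`, `simulate`, the URL and the sample credential are constructed for illustration.

```python
import datetime as dt

URL = "https://issuer.example/status/3"  # constructed URL
SAMPLE = {  # constructed status list credential; proof and real encodedList omitted
    "type": ["VerifiableCredential", "BitstringStatusListCredential"],
    "validUntil": "2024-03-13T13:00:00Z",
    "credentialSubject": {"type": "BitstringStatusList",
                          "statusPurpose": "revocation",
                          "encodedList": "<constructed-placeholder>"},
}

def parse_timestamp(value):
    """Parse a dateTimeStamp such as 2024-03-13T13:00:00Z into an aware datetime."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))

class StatusListCache:
    """Reuse a fetched status list until its validUntil (assumed policy)."""
    def __init__(self, fetch, now=lambda: dt.datetime.now(dt.timezone.utc)):
        self._fetch, self._now = fetch, now
        self._entries = {}          # url -> (expires, credential)
        self.issuer_requests = []   # timestamps the issuer's server can observe

    def get(self, url):
        now = self._now()
        entry = self._entries.get(url)
        if entry and now < entry[0]:
            return entry[1]         # cache hit: no request reaches the issuer
        credential = self._fetch(url)   # a real verifier verifies the proof here
        self.issuer_requests.append(now)
        valid_until = credential.get("validUntil")
        expires = parse_timestamp(valid_until) if valid_until else None
        if expires and expires > now:
            self._entries[url] = (expires, credential)
        else:
            self._entries.pop(url, None)  # no usable validUntil: do not cache
        return credential

def simulate(presentation_times):
    """Return the fetch times the issuer sees for the given presentations."""
    clock = {}
    cache = StatusListCache(fetch=lambda url: SAMPLE, now=lambda: clock["t"])
    for t in presentation_times:
        clock["t"] = t
        cache.get(URL)
    return cache.issuer_requests

if __name__ == "__main__":
    day = lambda h, m: dt.datetime(2024, 3, 13, h, m, tzinfo=dt.timezone.utc)
    print(simulate([day(12, 0), day(12, 20), day(12, 50), day(13, 5)]))
```

With the constructed times, four presentations produce two issuer-visible fetches, so the issuer's request log no longer shows when the 12:20 and 12:50 presentations took place.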