Open msporny opened 2 years ago
For the current situation, I wholeheartedly agree with @msporny.
However, in the near future verifiers SHOULD be enabled to accept (wallet) apps that they do not control. The decisive use-case is provided by the EU, that is actively considering
I would not be surprised if (consortia of) organizations would not only request the user to present (identification) credentials, but also to present credentials that pertain to the app/agent that they are actually using (and the verifying actor of the organization is connected/communicating with). Such a credential would be required to contain a certificate that states that the app satisfies the criteria set forth in an 'app security/trust framework', and is issued by a party that is an accredited auditor in that framework. It's a lot of work to get this done, but similar things have been done before. And it would incentivize wallet manufacturers to acquire such certificates as they enable these wallets to be used in the contexts that require them.
Having said that, the issue is out of scope for VCDM.
It is unclear to me when you say "Visual Indicators" and "Digital Images" then Tilt Sensor. Correct me if I am wrong:
1- user is asked to verify FaceID? -- perhaps video and you have to move a bit to confirm in 3d? 2- Present ID Doc. ? 3- Present App Credential ( QR/BARCODE/ ) ?
OR
3- It is connected to international AML/KYC and Anti-Fraud monitoring systems? as external 3rd party validation.
Orie, can you explain your point to someone as lame as me?
I see the point of this Issue #66 as Verifiers (and Issuers) forcing a person to use wallets that they don't control. Forced association is a human rights violation.
Adrian
On Tue, Feb 7, 2023 at 10:45 AM Orie Steele @.***> wrote:
Trust me, this is valid credential XD...
— Reply to this email directly, view it on GitHub https://github.com/w3c/vc-imp-guide/issues/66#issuecomment-1421086450, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABB4YJS4NM2F6QXZIRW7ETWWJ323ANCNFSM5W6USECA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
@agropper I think this issue is basically, don't trust UI by itself.... the credential above is valid, but unless you are intending to trust that web origin and the entire software supply chain that goes into it... you should not believe the "green checkmark".... similarly, you should not supply "credentials"to websites you don't trust to verify them...
@OR13 — I think you misspelled
<sarcasm>Trust me, this is valid credential XD...</sarcasm>
@OR13 I completely agree about the UI point but that still leaves the link between this Issue and the risk of forced association as a human rights violation if Issuers and Verifiers, in practice, insist on a “certified” UI.
This, in my opinion, is such a core risk to VCs that “MUST NOT trust visual indicators” is not clear enough. The human rights problem with certified wallets and apps should be addressed directly in our specs and the mitigations should be offered.
Adrian
On Tue, Feb 7, 2023 at 5:22 PM Orie Steele @.***> wrote:
@agropper https://github.com/agropper I think this issue is basically, don't trust UI by itself.... the credential above is valid, but unless you are intending to trust that web origin and the entire software supply chain that goes into it... you should not believe the "green checkmark".... similarly, you should not supply "credentials"to websites you don't trust to verify them...
— Reply to this email directly, view it on GitHub https://github.com/w3c/vc-imp-guide/issues/66#issuecomment-1421619274, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABB4YJI7WTYM4W2BQZVBBTWWLKK3ANCNFSM5W6USECA . You are receiving this because you were mentioned.Message ID: @.***>
The issue was discussed in a meeting on 2023-02-07
From this article:
https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/
There is this misguided notion that I've heard many times now... that the Holder App itself has a visual watermark that let's the verifier visually inspect that the app is a legitimate mDL app. I've heard government representatives from US states as well as some sales people from vendors in the space say this. We all know that digital images that you visually inspect are NOT a trustworthy security feature... even if you use the phone's tilt sensor to turn it into a "digital hologram".
We should state that Verifiers MUST NOT trust visual indicators on apps they do not control and ideally any visual indicator on their app is driven by some sort of cryptographic security process.