Add privacy considerations for multi-bit correlation #86
The issue was discussed in a meeting on 2023-09-15
3.8. Add privacy considerations for multi-bit correlation (issue vc-status-list-2021#86)
See GitHub issue vc-status-list-2021#86.
Manu Sporny: This issue concerns our credential revocation mechanism called a status list. It started out as a big bit string, each bit represented a single credential. If there were 100,000 credentials in the list, then that's your herd size. These are public on the web.
Nick Doty: Revocation problem is something we see in other areas, it's a common privacy issue for person checking being revoked -- verifier that's checking if something is revoked -- one concern is you want this to be consistent, issuer gives out credential, check the list and one problem you're having is you want issuer saying list is same for all credentials, not unique URL -- that's a tracking issue -- single credential can be tracked (which is not good).
Brent Zundel: The reason that it's public is so that there is less visibility on who is requesting it -- issuer hosts the list, gets less of an idea of where the lists are being used.
Nick Doty: Is goal to ensure verifier to know after the fact if something got revoked?
Brent Zundel: It would enable revocation/status changes to occur after issuance of credential, reduce visibility on where credential goes -- enables verifier to get up to date status by querying most current version of the list.
Nick Doty: It's not just at presentation time.... if I ever signed in w/ DL, at any future time they'll know if DL gets suspended?
Brent Zundel: That is correct.
Nick Doty: That seems scary to me.
Nick Doty: That doesn't seem like a goal, when I present my credential to an RP, they want to know it's valid, also they get to subscribe to changes to my DL?
Joe Andrieu: Manu said close to what I said -- you could provide proof of status, I don't think we handle that well -- conceptually, you could do that -- valid status you could check, but we haven't teased that out yet.
PR #117 has been merged, closing.
Managing a multi-bit status list has additional implications, such as how to decoy the list data in a believable way -- it's not as simple as just flipping bits now, you have to have expertise on what each status means and how statistically significant flipping each bit is going to be.
In addition there are status list messages that can be defined now that are not needed for the simpler revocation/suspension use cases provided before.