DID WG Topic Call on finishing the Security and Privacy Questionnaire — Minutes
Date: 2020-12-08
See also the Agenda and the IRC Log
Attendees
Present: Kyle Den Hartog, Shigeya Suzuki, Markus Sabadello, Adrian Gropper, Drummond Reed, Juan Caballero, Joe Andrieu, Manu Sporny, Orie Steele, Kaliya Young, Ted Thibodeau Jr.
Regrets:
Guests:
Chair: Brent Zundel
Scribe(s): Joe Andrieu
Adrian Gropper: https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit#
Drummond Reed: re: note at the beginning.
… I’ll work on it now and we can come back
Adrian Gropper: Tom Jones' comment
Joe Andrieu: agreed. non-correlatable identifiers are not a thing
Manu Sporny: can we just strike?
consensus: yep
Adrian Gropper: next
Joe Andrieu: I don’t understand how the comment relates to the highlighted section of text
… I see, if we can keep the PII out, we can minimize the lawyers
Adrian Gropper: next
Shigeya Suzuki: based on Orie’s comment, we can remove my question.
Orie Steele: perhaps though, we should add more text about how services might be related to sensitive information
Shigeya Suzuki: common understanding is that the type is clearly defined; as an outsider, that wasn’t clear.
Orie Steele: one suggestion would be to say that we have many types of verification methods. maybe we need some concrete service types to help illustrate what we are talking about.
… the fact that there is a way to distinguish them is enough for me.
Adrian Gropper: ok. moving on.
… Manu could you take a stab at replying to Tom’s items?
Manu Sporny: sure.
Adrian Gropper: LD security. Can we downgrade security settings?
Joe Andrieu: seems like we don’t provide any mechanisms for downgrading default browser security mechanisms
Adrian Gropper: next
Orie Steele: public key representations and signature suites are different things
… this used to have some different text that I was responding to. I think we can just dismiss the comment completely.
consensus: yes, let’s resolve
Adrian Gropper: next
… accepting suggestions on passive network attacks
… next are some easy ones (resolving)
… more editorial changes (resolving)
Joe Andrieu: we should probably say that DID Methods and DID Resolution, which define the protocols over the network, are subject to active attacks, however this specification does not define anything subject to such attacks.
Adrian Gropper: can we move on?
Orie Steele: looks great
Adrian Gropper: next
Manu Sporny: we should talk about that 51% attack number
… should really be something like 2f+1
Joe Andrieu: something saying that the problem applies to methods that rely on consensus
Adrian Gropper: we’re good?
consensus: yep
Adrian Gropper: next
Kyle Den Hartog: I’m good with Orie’s adjustments
Adrian Gropper: I’m accepting it
Joe Andrieu: agropper 3.4 also?
Orie Steele: yep that’s a continuation of Kyle’s items
Adrian Gropper: next, legitimate misuse
Kyle Den Hartog: this is calling out that you can publish things about the user, that’s still a misuse
Orie Steele: disclosing any information you aren’t the rightful controller of, is a legitimate misuse.
Kyle Den Hartog: yes, let’s call out that distinction
Orie Steele: note there is a link explaining the meaning of legitimate misuse
Kyle Den Hartog: we might want to call out contexts that use unique identifiers to identifier resolution of the DID document
… that is if you copy the context into your DID Document, you can trigger a resolution to that context
Orie Steele: mugshots use case
… about the intention to provide types for DIDs that are incorrect
… that is the assignment of attributes that are not under the control of the controller
… e.g., MS allows the assignment of a type property like “software package”, which can be abused by a controller assigning the wrong type
… There is a general category for software services that are safe harbors for criminal activity. Any public DID method is at risk for such consideration.
Drummond Reed: this is not something specific to DIDs
… because DIDs are associated with a quality of immutability, it accentuates the potential for that kind of abuse
Kyle Den Hartog: we inherit these issues when methods are ledger based
Adrian Gropper: next
Orie Steele: yes, we address data minimization. tell them to read the friendly spec
Drummond Reed: data minimization is an important consideration in this specification and we cover it extensively
Adrian Gropper: next: 4.2
Orie Steele: this is pretty good. the piece about the spec registries maybe should be bolded.
… anytime you take an extension you are extending the privacy set of considerations
Adrian Gropper: ok. next
Orie Steele: we can maybe remove the link, if someone can vet that the URL supports the assertion.
consensus: yep.
Adrian Gropper: next
Joe Andrieu: drop the feature should include any protocols. we dropped that to focus on a data model spec
… perhaps listing all of the features that are optional, which are mechanisms to “drop the feature” as appropriate.
Adrian Gropper: this is the last thing, modulo comments that came in above since our last meeting
Kyle Den Hartog: time check
Manu Sporny: time’s up we should wrap
… a few of us can stay and wrap
… 10 minutes max
… I think that’s in. Adrian, are you happy taking this to the next step?
… just the top section
Joe Andrieu: yep, that looks great
Manu Sporny: Adrian, can you notify the group that we are done here, so the chairs know we can engage the TAG and PING
Adrian Gropper: yep.
Joe Andrieu: that’s a wrap