DID WG Topic Call on finishing the Security and Privacy Questionnaire — Minutes

Date: 2020-12-08

See also the Agenda and the IRC Log

Attendees

Present: Kyle Den Hartog, Shigeya Suzuki, Markus Sabadello, Adrian Gropper, Drummond Reed, Juan Caballero, Joe Andrieu, Manu Sporny, Orie Steele, Kaliya Young, Ted Thibodeau Jr.

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Joe Andrieu

Adrian Gropper: https://docs.google.com/document/d/13qLCZcks3OAb2V7GHcrSs8s9drA5OaqEPYPI1knmodc/edit#

Drummond Reed: re: note at the beginning.
… I’ll work on it now and we can come back

Adrian Gropper: Tom Jone’s comment

Joe Andrieu: agreed. non-correlatable identifiers are not a thing

Manu Sporny: can we just strike?

consensus: yep

Adrian Gropper: next

Joe Andrieu: I don’t understand how the comment relates to the highlighted section of text
… I see, if we can keep the PII out, we can minimize the lawyers

Adrian Gropper: next

Shigeya Suzuki: based on Orie’s comment, we can remove my question.

Orie Steele: perhaps though, we should add more text about how services might be related to sensitive information

Shigeya Suzuki: common understanding is that the type is clearly defined; as an outsider, that wasn’t clear.

Orie Steele: one suggestion would be to say that we have many types of verification methods. maybe we need some concrete service types to help illustrate what we are talking about.
… the fact that there is a way to distinguish them is enough for me.

Adrian Gropper: ok. moving on.
… Manu could you take a stab at replying to Tom’s items?

Manu Sporny: sure.

Adrian Gropper: LD security. Can we downgrade security settings?

Joe Andrieu: seems like we don’t provide any mechanisms for downgrading default browser security mechanisms

Adrian Gropper: next

Orie Steele: public key representations and signature suites are different things
… this used to have some different text that I was responding to. I think we can just dismiss the comment completely.

consensus: yes, let’s resolve

Adrian Gropper: next
… accepting suggestions on passive network attacks
… next are some easy ones (resolving)
… more editorial changes (resolving)

Joe Andrieu: we should probably say that DID Methods and DID Resolution, which define the protocols over the network, are subject to active attacks, however this specification does not define anything subject to such attacks.

Adrian Gropper: can we move on?

Orie Steele: looks great

Adrian Gropper: next

Manu Sporny: we should talk about that 51% attack #
… should really be something like 2f+1

Joe Andrieu: something that the problem applies to methods that rely on consensus

Adrian Gropper: we’re good?

consensus: yep

Adrian Gropper: next

Kyle Den Hartog: I’m good with Orie’s adjustments

Adrian Gropper: I’m accepting it

Joe Andrieu: agropper 3.4 also?

Orie Steele: yep that’s a continuation of Kyle’s items

Adrian Gropper: next, legitimate misuse

Kyle Den Hartog: this is calling out that you can publish things about the user, that’s still a misuse

Orie Steele: disclosing any information you aren’t the rightful controller of, is a legitimate misuse.

Kyle Den Hartog: yes, let’s call out that distinction

Orie Steele: note there is a link explaining the meaning of legitimate misuse

Kyle Den Hartog: we might want to call out contexts that use unique identifiers to identifier resolution of the did document
… that is if you copy the context into your DID Document, you can trigger a resolution to that context

Orie Steele: mugshots use case
… about the intention to provide types for DIDs that are incorrect
… that is the assignment of attributes that are not under the control of the controller
… e.g., MS allows the assignment of a type property like “software package”, which can be abused by a controller assigning the wrong type
… There is a general category for software services that are safe harbors for criminal activity. Any public DID method is at risk for such consideration.

Drummond Reed: this is not something specific to DIDs
… because DIDs are associated with a quality of immutability, it accentuates the potential for that kind of abuse

Kyle Den Hartog: we inherit these issues when methods are ledger based

Adrian Gropper: next

Orie Steele: yes, we address data minimization. tell them to read the friendly spec

Drummond Reed: data minimization is an important consideration in this specification and we cover it extensively

Adrian Gropper: next: 4.2

Orie Steele: this is pretty good. the piece about the spec registries maybe should be bolded.
… anytime you take an extension your are extending the privacy set of considerations

Adrian Gropper: ok. next

Orie Steele: we can maybe remove the link, if someone can vet that the URL supports the assertion.

consensus: yep.

Adrian Gropper: next

Joe Andrieu: drop the feature should include any protocols. we dropped that to focus on a data model spec
… perhaps listing all of the features that are optional, which are mechanisms to “drop the feature” as appropriate.

Adrian Gropper: this is the last thing, modulo comments that came in above since our last meeting

Kyle Den Hartog: time check

Manu Sporny: time’s up we should wrap
… a few of us can stay and wrap
… 10 minutes max
… I think that’s in. Adrian, are you happy taking this to the next step?
… just the top section

Joe Andrieu: yep, that looks great

Manu Sporny: adrian, can you notify the group that we are done here, so the chairs know we can engage the TAG and PING

Adrian Gropper: yep.

Joe Andrieu: that’s a wrap