Add warning related to protecting integrity of @context #1051
Conversation
msporny
requested review from
dlongley,
TallTed,
mprorock,
brentzundel,
dmitrizagidulin,
iherman,
OR13,
peacekeeper and
Sakurann
There was a problem hiding this comment.
I think there may be some use cases where a claim includes a URL, and the issuer really only wants to attest to the URL itself, not the content behind it. In fact, in such a use case both the issuer and verifier may be perfectly happy with the content behind the URL changing from time to time. They just want to make sure that the URL itself is correct.
Anyway, this PR doesn't preclude that and in general feels very valuable, especially with regard to @context.
index.html
Outdated
| <strong><code>944167aaabd904ea9e35c98fd7e8794eb6dd42ae4666b036b171e87fc34cc7cc</code></strong>, | ||
| can be used to implement a local cached copy. It is possible to confirm the | ||
| SHA-256 digest by running the following command from a modern Unix command | ||
| interface line: `curl -s https://www.w3.org/ns/credentials/v2 | sha256sum`. For | ||
| convenience, the base context is also provided below. | ||
| interface line: `curl -s https://www.w3.org/ns/credentials/v2 | sha256sum`. It |
There was a problem hiding this comment.
sha256sum seems less desirable than using openssl...
There was a problem hiding this comment.
@OR13 — Suggest the alternative command?
index.html
Outdated
| Mechanisms used to secure <a>credentials</a> and <a>presentations</a>, such | ||
| [[VC-JWT]] and [[VC-DATA-INTEGRITY]], address securing the contents of the | ||
| credential itself (item #1 in the previous paragraph). The SHA-256 digest of | ||
| JSON-LD Contexts, as well as locally cached copies, address item #2 in the |
There was a problem hiding this comment.
This is probably editorial, but It would be nice to not have to jump back / refer back to read the intention.
There was a problem hiding this comment.
It would be nice to not have to jump back / refer back to read the intention.
Yes. I would suggest bumping the 1-3 into a list, with each information item immediately followed by the mechanism used to address it. Item #3 would need some suggestion of how to address it.
index.html
Outdated
| default. It is considered a best practice to ensure that the same sorts of | ||
| protections are provided for any URL that is critical to the security of the | ||
| credential through the use of permanently cached files or cryptographic hashes. | ||
| See the <a href="https://w3c.github.io/vc-imp-guide/#content-integrity">Content |
There was a problem hiding this comment.
can we use data-cite instead?
index.html
Outdated
| The base context, located at | ||
| <code>https://www.w3.org/ns/credentials/v2</code> with a SHA-256 digest of | ||
| The base context, located at <code>https://www.w3.org/ns/credentials/v2</code> | ||
| with a SHA-256 digest of | ||
| <strong><code>944167aaabd904ea9e35c98fd7e8794eb6dd42ae4666b036b171e87fc34cc7cc</code></strong>, |
There was a problem hiding this comment.
I think we should consider also adding a hash of the JCS-canonized version of the context to eliminate any differences from whitespace, etc.
There was a problem hiding this comment.
The non-canonized hash I get if I use the current v2 context in the repo is this:
e41d1743c941b8003a4689e6e844b7f6ae0b9970ed81aa918bd781977bdba8b2
The JCS-canonized hash I get is this:
d64fce2a2f642ddf9f74a6aa01eb16efdaa822d0380d4891d310f3a1e085e671
Neither of these matches the value here, which may just be out of date.
There was a problem hiding this comment.
Fixed in aa4d74c ... which has a different hash than the two items above.
I'm trying to avoid the use of JCS because it isn't common tooling. The downside of doing that is, of course, any errant spacing/tabbing changes the hash.
There was a problem hiding this comment.
I approve the PR, but I would flag some thoughts for later. The recent WG discussions make a clear difference between credentials and verifiable credentials. I think once the dust settles, we will have to go through the spec with a fine comb to see when we use one term and when the other. I presume this new section is a typical case where the warning should also apply to a credential and not to a verifiable credential only (e.g., in case the verification is done by encapsulating the credential in a JWT).
(see also #1044)
|
I commented as requested here |
|
The issue was discussed in a meeting on 2023-03-14
View the transcript2.4. Add warning related to protecting integrity of @context (pr vc-data-model#1051)See github pull request vc-data-model#1051. Manu Sporny: This one ... people gave comments on the PR and in issues and in my email inbox... I have to reconcile all that first. |
msporny
force-pushed
the
msporny-cip-warning
branch
from
20a2ae5 to
7825669
Compare
msporny
requested review from
selfissued,
decentralgabe and
awoie
as code owners
msporny
force-pushed
the
msporny-cip-warning
branch
from
535dfe2 to
cb1d455
Compare
msporny
force-pushed
the
msporny-cip-warning
branch
from
cb1d455 to
6a4be3f
Compare
|
Editorial, multiple reviews, changes requested and made, no objections, merging. |
This PR addresses #956 by adding text suggested by the issue creator, with modifications to align it with the rest of the specification.
Preview | Diff