Re: Trust of first use question - invitations between DIDs and MITM

Oskar van Deventer
 

Hi Manas,

DID-based communications only happen after establishing a DID relationship. Private persons may not have public invitation information open for phishers to use. Moreover, it is a good practice that the party who contacts you identifies themselves first. One should never pass any sensitive credentials to a party that has been insufficiently identified.

Still, SSI is about self-sovereignty. So your policy on how to respond to phishers may be different from mine, including a definition of what constitutes an "arbitrary requests of attributes". We could document some best practices if we deem that useful.

Oskar
