Re: Trust of first use question - invitations between DIDs and MITM

Daniel Hardman
 

Manas, your scenario could theoretically happen, but it assumes a carelessness by B that feels unrealistic to me. Essentially, B is deciding to share private info with an unknown stranger. If B decides to do that, then of course bad things can happen--but the bad things are the result of B's bad decision, not the result of a protocol that lacks key protections.

ALL proving with verifiable credentials, whether it uses Indy or not, and whether it's related to connecting/DID exchange or not, should ALWAYS begin with the question, "Do I really want to prove these facts to the other party?" I would not prove my date of birth and SSN to a complete stranger, remotely, using today's physical credentials--so why would I prove it using tomorrow's verifiable credential ecosystem?

When the verifier is an institution (which is the most common variant of use cases that most people in the VC space are implementing today), then the verifier has less privacy concerns than the private individual, so the verifier should prove first--not in parallel. Example: verifier is Thrift Bank, and asks Alice to prove her SSN and date of birth. Before Alice decides whether to honor the request, she says, "Prove who you are" -- and Thrift Bank does so. Once Alice knows who she's talking to, she then decides whether to reveal the PII that's being requested. Not before.

This gets harder when both parties are private individuals, because then you can have a chicken-and-egg problem. But in those cases, I believe that one or both of the following conditions will usually be true:

A. There's some supporting context that makes the proving more reasonable. For example, the two parties just met face-to-face at a conference, are standing next to one another, and have already reached a certain level of trust. Or one individual is a seller on Amazon and the other is a potential buyer; the the seller can reasonably prove seller reputation to start the sharing.

B. Trust can be ratcheted in stages. Instead of going straight for sensitive PII like a social security number, you could begin by disclosing low-trust things (prove that you're a ticket holder for this plane flight; prove your initials and the zip code you live in), and you only get to the high-risk proofs once you've laid an appropriate foundation. This ratcheting is particularly easy when you have predicates and ZKPs, but it can also be done with other credential types.

Join indy@lists.hyperledger.org to automatically receive all group messages.