VPs and timestamps? #877
Comments
|
The fact that the VCDM does not define timestamps for VPs does not mean that they cannot have them, as VPs are as infinitely extensible as VCs. Our implementation has taken the pragmatic approach of using the same start and end time properties for VPs as for VCs. It might not be standardised yet, but it has a fair chance of being so I would suggest. |
There are two mechanisms that can be used to mitigate replay attacks at the digital signature layer. For Data Integrity (was: Linked Data Signatures), all proofs are required to contain a https://w3c-ccg.github.io/data-integrity-spec/#signatures How much time is allowed to pass before a signature is seen as invalid by a verifier is up to the verifier to determine. Our implementations tend to use 5 minutes (to account for clock skew between systems). The other mechanisms that the Data Integrity spec uses to prevent replays are the https://w3c-ccg.github.io/data-integrity-spec/#signatures The presentation request protocols typically request that presentations contain at least a domain (set by verifier) and challenge (set by verifier) values: https://w3c-ccg.github.io/vp-request-spec/#did-authentication-request I expect most/all of these things to be buttoned down when the new VC2WG starts up (in a few months). |
Sakurann
added
pending close
|
Given that JWTs and Data Integrity have such mechanisms, I don't think we need to do this in VPs themselves. |
|
The issue was discussed in a meeting on 2022-08-24
View the transcript3.2. VPs and timestamps? (issue vc-data-model#877)See github issue vc-data-model#877. Kristina Yasuda: So the next issue ... the ask was, could we have a timestamp in VP to prevent replay attacks? Manu Sporny: I think we already cover this concept around timestamp / of when a VP is created. JWTs have multiple ways of expressing a datetime and DI also has that as well. Kristina Yasuda: I think I agree. Any objections to mark this pending closed based on Manu's explanation?
Manu Sporny: One more item -- just so it gets in the record. We also have the concept of challenges and nonce in the variety of the protocols. Lee said -- "what about things to mitigate replay attacks?". Well, we have nonces and challenges and creation dates for the signatures in every security mechanism we're contemplating. Kristina Yasuda: You also put that in your comment, right?
Kristina Yasuda: I think you're asking how we include claims attested to by the user? Joe Andrieu: That's right. One of the examples in the VC use cases... Citizenship by Parentage has the citizen / holder making statements about how different VCs relate together. Manu Sporny: I totally agree with the use case being a valid one -- I'm wondering about the extra complexity.
Manu Sporny: I'm worried about adding to the complexity in the VP. I'd like to keep that as simple as we can. Dave Longley: Yes, going to agree with Manu. We have primitives around interop here, VC can make any claims we want to -- seems we can re-use that primitive here and make self-attested claims. When we already have the primitive that does the job, we should continue to use it unless there is a strong reason to do something new. Michael Jones: Given that's Joe's on the call... I tried to read the issue last night but I was confused. It sounded like you wanted a schema for these claims. There wasn't a clear ask for these particular properties or attributes. Joe Andrieu: I appreciate the feedback. Kristina Yasuda: Based on the comments we've heard using VCs, is that acceptable or do you want to continue the conversation? Joe Andrieu: It's a good question. No one has voiced support for the idea -- maybe there isn't support in the community but also maybe it's just a new idea. Kristina Yasuda: I think there's interest, I agree with Manu's comment to give people to think about this and come back to it. Joe Andrieu: Yes, I'll edit it right now. Kristina Yasuda: One more issue for today... |
|
No objections after marked |
There's currently no specification for timestamps in VPs, meaning that presenters can't mitigate the risk of replay attack by limiting their presentation validity to a short window during which the verifier verifies the VP.
What's the intended workflow regarding timestamp verification here? For example, is validFrom and validUntil only for the credential, and the presentation doesn't have any timestamp? Or are presentations meant to carry timestamps also? It looks like some signatures have a "created" field, but AFAIK (and I'm not an expert on signature formats) that's not required, so (1) retrieving the signature creation timestamp would be ad-hoc at best, and unreliable at worst, and (2) it doesn't give a way for the signer to limit validity duration to mitigate replay attack risk.
Relevant, useful convo: spruceid/ssi#387
The text was updated successfully, but these errors were encountered: