[beyond-did-web] neglect of pre-rotation for did:webs #39

Open
nkongsuwan opened this issue Feb 10, 2024 · 0 comments
nkongsuwan commented Feb 10, 2024

In Section Key Rotation, the following is stated:
... the DID document needs to be updated to publish a new public key. In order to fulfill the requirements listed above, the old private key must still be accessible ...

This is not accurate for did:webs, which utilizes the key pre-rotation scheme in KERI. In did:webs, two sets of keys are specified in each key event, namely the current keys and the next keys. The current keys are keys that appear in the DID Document. However, the next keys are pre-committed using hash digests in the key event. The next keys are unexposed until they are used for rotation.

Hence, the (old) current keys may be missing, and the controller can still use the next keys to perform rotation.
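
Added example (not part of the original issue and not code from KERI or did:webs): a verifier for a simplified key event log, showing a rotation accepted after the old private key is discarded and a rotation with a never-committed key rejected. Assumptions: one key per event, SHA-256 as the commitment digest, and Lamport one-time signatures as a standard-library stand-in for a real signature scheme; all function names are hypothetical.

```python
import hashlib, json, os

def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signatures: stdlib-only stand-in for a real signature scheme.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(s) for pair in sk for s in pair)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b].hex() for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(bytes.fromhex(s)) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
        for i, (b, s) in enumerate(zip(bits(msg), sig)))

def encode(body): return json.dumps(body, sort_keys=True).encode()

def make_event(kind, current_pk, next_pk, current_sk):
    # "k" = current key (exposed), "n" = digest committing to the unexposed next key
    body = {"t": kind, "k": current_pk.hex(), "n": H(next_pk).hex()}
    return {"body": body, "sig": sign(current_sk, encode(body))}

def verify_log(log):
    """Return the controlling public key (hex) or raise ValueError."""
    committed = None
    for ev in log:
        body, pk = ev["body"], bytes.fromhex(ev["body"]["k"])
        if committed is not None and H(pk).hex() != committed:
            raise ValueError("revealed key does not match prior commitment")
        if not verify(pk, encode(body), ev["sig"]):
            raise ValueError("event not signed by its own current key")
        committed = body["n"]
    return log[-1]["body"]["k"]

def demo():
    (sk0, pk0), (sk1, pk1), (_, pk2) = keygen(), keygen(), keygen()
    log = [make_event("icp", pk0, pk1, sk0)]
    del sk0  # the old private key is gone; rotation still works with sk1
    log.append(make_event("rot", pk1, pk2, sk1))
    rotated = verify_log(log) == pk1.hex()
    sk_x, pk_x = keygen()  # constructed key that was never pre-committed
    try:
        verify_log(log[:1] + [make_event("rot", pk_x, pk2, sk_x)])
        rejected = False
    except ValueError:
        rejected = True
    return rotated, rejected
```

`demo()` returns `(True, True)`: the rotation signed only by the pre-committed key verifies, and the rotation to an uncommitted key fails the digest check.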
