Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 0 additions & 29 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -2944,41 +2944,12 @@ <h2>Non-Repudiation</h2>
[=DID resolution=] process.
</li>
<li>
The subject is monitoring for unauthorized updates as elaborated upon in
[[[#notification-of-did-document-changes]]].
</li>
<li>
The subject has had adequate opportunity to revert malicious updates according
to the authorization mechanism for the [=DID method=].
</li>
</ul>
</section>

<section>
<h2>Notification of DID Document Changes</h2>

<p>
One mitigation against unauthorized changes to a [=DID document=] is
monitoring and actively notifying the [=DID subject=] when there are changes.
This is analogous to helping prevent account takeover on conventional
username/password accounts by sending password reset notifications to the email
addresses on file.
</p>
<p>
In the case of a [=DID=], there is no intermediary registrar or account
provider to generate such notifications. However, if the [=verifiable data
registry=] on which the [=DID=] is registered directly supports change
notifications, a subscription service can be offered to [=DID controllers=].
Notifications could be sent directly to the relevant [=service endpoints=]
listed in an existing [=DID=].
</p>
<p>
If a [=DID controller=] chooses to rely on a third-party monitoring service
(other than the [=verifiable data registry=] itself), this introduces another
vector of attack.
</p>
</section>

<section>
<h3>Revocation in Trustless Systems</h3>

Expand Down