Add a column for third party security audit to DID Method Registry?

[OR13]

As discussed on the call.

[OR13]

cc @talltree @msporny @peacekeeper

[peacekeeper]

Yes, we discussed what should be done if a DID method is "obviously insecure or malicious".

Besides using the Rubric for evaluating different aspects of decentralization, DID method authors could also publish security audits to generate trust in their method.

[OR13]

We need a happy case and a sad case, to get this started off right...

I offer did:meme, did:github, as unaudited examples... we need at least 1 did method that has been audited to make this a worthwhile endeavor.

[OR13]

I think the rubric is a better place for this. and this should be closeed.

[brentzundel]

as discussed in the call 7-27, closing

[iherman]

The issue was discussed in a meeting on 2021-07-27

• no resolutions were taken

View the transcript

3.11. Add a column for third party security audit to DID Method Registry? (issue did-spec-registries#91)

See github issue did-spec-registries#91.

Orie Steele: To date, no one has volunteered to audit 103+ DID Methods in registry... would be a sparse field... don't have much detail... most of registered methods have barely met registration methods, privacy/security sections existing or more than a section or two existing... This should be closed. I don't think folks are going to want to do this.

Manu Sporny: +1 to closing.

Markus Sabadello: One thing that could be done... add a column for "Evaluation of DID Rubrics"... scope of Rubric has expanded, covers security aspects... links to evaluations of DID Rubric, but Orie is right... will anyone do that?

Brent Zundel: My $0.02, this sounds like a great thing for interested folks to add to a maintenance group, but DID Spec Registries will probably be fine w/o column for 3rd party Rubric audits.
… My recommendation is that we close it, is anyone opposed? Alternatively, we could label it as defer.

Manu Sporny: No objections.

Manu Sporny: Closing 91.