Add David Chadwick's privacy analysis document #73
Conversation
msporny
changed the title
|
Addresses #71. |
|
I'm wondering if JSON-LD's @context loading mechanism should be taken into account as this may leak some data to the server serving the context. |
|
@retog good point... can you raise an issue on that, please? Something along the lines of "Privacy implications of loading JSON-LD context". The first attack that I can think of is adding a "tracking context" that is unique to each credential issued, so you know which site is loading the context. Holder software (digital wallets) could warn the holder that they are using a verifiable credential that may be tracking them by detecting a non-standard context that is being used (in that, the software has never seen that particular context among the MANY holders on the system). |
|
@manu I wonder if overuse of the signature nonce could be misused as a tracking context. Certainly something that should be added to the questions for a security review on spec. |
|
@ChristopherA Yes, the signature value itself can be used as a tracking context, even without a nonce. We'd need some sort of ZKP mechanism to escape that... and even then, if there are identifiers in the data that are long-lived, we fall into the same trap. Please raise another issue on this point. |
|
+1 to merge -- good as a first cut. |
Convert @David-Chadwick's privacy analysis to ReSpec format.