Decentralized identifiers (DIDs)

I started studying DID a few days ago but I have a doubt. A transaction is always associated with the public key of a DID, right? Each transaction is written in the blockchain and is immutable. Suppose someone steals my private key and I want to revoke my DID. A bank application (for example) is not well designed and refers to the public key of an old transaction. In this case what happens? I don't know if my question is clear enough.

emerSSL allows updating the certificate (and the associated privkey). This works because the SSL serial is used as the DID key. See more: https://emerssl.emercoin.com/

I'm not sure what exactly you mean by a transaction. You can use DID for many use cases; signing a transaction could be just one of them (but it depends on what the transaction is and whether a particular blockchain supports the crypto algorithms used by the specific DID).

Overall, if your DID is written to a blockchain and is publicly available, a bank or other party should resolve the DID Document containing the current public key. That allows you to rotate your keys, which means creating a new key pair when your private key leaks.

  1. A serious business (such as a bank) is unlikely to use a stale public key from an old state of a DID. I'd imagine they will be using a trustworthy DID resolver, or run their own resolver.

  2. A serious business would mandate 2FA/MFA (2/Multi Factor Authentication) for any serious transaction. Assuming you don't have 2FA/MFA set up for your bank account, someone stealing your private key is like someone stealing your bank account password: they can do what you can, that is by design.

  3. Recovery/revoke mechanism depends on the DID method. For Sidetree-based methods, there is the concept of a recovery operation that you can perform using a "master" key. You are meant to keep this key very securely and never use it for your day-to-day activities.

To be clear, "DID recovery" in my opinion is one of the (if not the) most challenging problem/barrier to DID's mass adoption, and remains to be "solved" completely.

The public key associated with the DID is stored in the DID document, and the DID document can be updated (the DID document is not immutable, only the DID unique identifier is immutable).

If your private key is compromised you can remove the public key from the DID document. The updating process is defined in the corresponding DID method that the DID uses.
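The point made in the answers above (a verifier must resolve the current DID Document rather than reuse a key it saw in an old transaction), as an added example that is not code from this thread or from any DID method: the document model, the append-only registry and `did:example:123` are constructed stand-ins, and a leaked key-1 is rotated out in favour of key-2.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// DIDDocument is a constructed stand-in for a resolved DID Document: the DID plus the keys currently authorized under it.
type DIDDocument struct {
	ID                 string
	VerificationMethod map[string]ed25519.PublicKey // key id -> public key
}

// Registry simulates an append-only registry (e.g. a ledger): old versions stay readable, only the newest is authoritative.
type Registry struct{ history []DIDDocument }

func (r *Registry) Publish(doc DIDDocument) { r.history = append(r.history, doc) }
func (r *Registry) Resolve() DIDDocument    { return r.history[len(r.history)-1] }
func (r *Registry) Stale(v int) DIDDocument { return r.history[v] } // what a badly designed verifier effectively does

// VerifyAgainstDoc accepts sig only if keyID is still listed in doc and the signature checks under that key.
func VerifyAgainstDoc(doc DIDDocument, keyID string, msg, sig []byte) bool {
	pk, ok := doc.VerificationMethod[keyID]
	return ok && ed25519.Verify(pk, msg, sig)
}

// Rotate returns the next document version with oldID removed and newID added; other keys are kept.
func Rotate(doc DIDDocument, oldID, newID string, newPub ed25519.PublicKey) DIDDocument {
	next := DIDDocument{ID: doc.ID, VerificationMethod: map[string]ed25519.PublicKey{newID: newPub}}
	for id, pk := range doc.VerificationMethod {
		if id != oldID {
			next.VerificationMethod[id] = pk
		}
	}
	return next
}

// Scenario plays out the question: key-1 leaks, the holder rotates to key-2, and a signature made with
// key-1 is checked against a stale and a fresh resolution. Returns (staleVerifierAccepts, currentVerifierAccepts).
func Scenario() (bool, bool) {
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, _, _ := ed25519.GenerateKey(rand.Reader)
	did := "did:example:123" // constructed identifier
	reg := &Registry{}
	reg.Publish(DIDDocument{ID: did, VerificationMethod: map[string]ed25519.PublicKey{did + "#key-1": pub1}})
	msg := []byte("signed request")
	sig := ed25519.Sign(priv1, msg) // produced with the key that is about to be revoked
	reg.Publish(Rotate(reg.Resolve(), did+"#key-1", did+"#key-2", pub2))
	return VerifyAgainstDoc(reg.Stale(0), did+"#key-1", msg, sig),
		VerifyAgainstDoc(reg.Resolve(), did+"#key-1", msg, sig)
}
```

The stale verifier still accepts the revoked key's signature; the one that resolves the current document rejects it, which is why a resolver (and not a cached key) belongs in the verification path.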