Skip to content

Harden change-notification guidance #909

Description

@msporny

From the SING review:

  1. Change-notification hardening – emphasized the attack surface (spoofing, DoS, linkability) and need for authenticated, rate-limited channels.
  • Notification channels MUST authenticate their sources and integrity-protect messages.
  • Implementers SHOULD bind notifications to DID state deltas (prev-hash → new-hash + timestamp) and apply rate limits.
  • Specs SHOULD explicitly call out that third-party or aggregated channels present the risk of spoofing, DoS, or linkability.

Metadata

Metadata

Assignees

Labels

class 2Changes that do not functionally affect interpretation of the documentpr existsThere is an open PR to address this issuesecurity-trackerGroup bringing to attention of security, or tracked by the security Group but not needing response.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions