Hey there, I'm one of the developers on cert-wallet. I've noticed a common point of confusion with how our app works, and I wanted some feedback from the community to choose how to best resolve it.
Right now, one of the key promises that the Blockcerts standard claims is strong proof of ownership. If a certificate is issued to me, then not only should I be able to prove that certificate is valid, but I should also prove that I'm the intended recipient of that certificate.
The problem is, this current iOS app doesn't reflect this model. I'm able to import, display, and validate certificates without that proof of ownership. All I need to do is find a certificate with someone who has a similar name to mine, and I'd be able to (falsely) claim ownership.
I think we should focus the purpose of the wallet to only be for certificates that I own. When you import a certificate, it does a check with the on-device keychain to make sure it's been issued to an address I own. If so, great! If not, then the import will fail with an error message simply stating that you don't own that certificate.
This changes the app to meet the expectation that a lot of users already have -- if I've got a verified Blockcert in my digital wallet, then it's proof that I accomplished something.
Since this is a restrictive change, I want it to be gradual over the next few weeks so folks can have time to adjust. I think we can do it in 4 steps:
- Add the ability to check ownership on import. This will be in the settings, but turned off by default. This will help us get confident that we're not rejecting any valid certificates.
- Make the ownership more restrictive. You can no longer view unowned certificates -- now you get a message saying you don't own this certificate and should contact the issuer to re-issue you a certificate.
- Turn the setting on by default.
- Remove the setting entirely.
What do folks think?
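As an added illustration (not code from cert-wallet or the Blockcerts project), this models the import-time ownership check described above together with the opt-in setting from steps 1 and 2: with the setting off the result is only recorded, with it on an unowned certificate is rejected with the suggested message. The certificate field `recipientProfile.publicKey`, the `ecdsa-koblitz-pubkey:` prefix and the sample certificate are assumptions, not taken from the post.

```python
import json
from typing import Optional, Set, Tuple

# Assumed certificate layout: recipientProfile.publicKey holds the recipient
# address as "ecdsa-koblitz-pubkey:<address>". The post does not describe the
# format, so this prefix and path are assumptions.
KEY_PREFIX = "ecdsa-koblitz-pubkey:"

UNOWNED_MESSAGE = ("You don't own this certificate. Contact the issuer to "
                   "re-issue it to one of your addresses.")


def recipient_address(cert: dict) -> Optional[str]:
    """Return the recipient address named in the certificate, or None."""
    key = cert.get("recipientProfile", {}).get("publicKey")
    if not isinstance(key, str) or not key:
        return None
    return key[len(KEY_PREFIX):] if key.startswith(KEY_PREFIX) else key


def import_decision(cert: dict, owned_addresses: Set[str],
                    enforce: bool) -> Tuple[str, str]:
    """Decide whether an imported certificate is accepted.

    owned_addresses stands in for the addresses the on-device keychain can
    sign for. enforce=False models step 1 (check runs, import still succeeds);
    enforce=True models steps 2-4 (unowned certificates are refused).
    """
    addr = recipient_address(cert)
    if addr is not None and addr in owned_addresses:
        return "owned", "Certificate is issued to a key in this wallet."
    if addr is None:
        message = "Certificate names no recipient key; ownership cannot be proven."
    else:
        message = UNOWNED_MESSAGE
    if not enforce:
        # Setting off: keep importing, but surface the result for review.
        return "imported-unverified", message
    return "rejected", message


# Constructed sample certificate, not a real Blockcert.
SAMPLE_CERT = json.loads(
    '{"recipientProfile": {"name": "Alice Example",'
    ' "publicKey": "ecdsa-koblitz-pubkey:1ExampleOwnedAddr"}}'
)
```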