Hacker News

fauigerzigerk today at 12:35 PM

Have you read the spec? I have, but I don't understand how the revocation flow is supposed to be safe against collusion between issuers/governments and site owners to reveal the identity of (age verified) users.


Replies

bootsmann today at 1:05 PM

Can you model the flow of the attack you want to mount here?

Is it the following:

Issuer revokes the wallet of Alice and then publicly says “This ID is Alice btw” and then verifiers can check their lists to see whether any of their received signatures are revoked (in which case they must be Alice)
