Clarify integrity protection / use of hashlinks

[nikolockenvitz]

The spec outlines a basic concept for integrity protection, but it leaves a few important aspects unclear.

did-method-web/index.html

Lines 533 to 551 in 3302643

	<section>
	<h3>
	DID Document Integrity Verification
	</h3>
	<p>
	Additional mechanisms such as <a
	href="https://tools.ietf.org/html/draft-sporny-hashlink">Hashlinks</a>
	MAY be utilized to aid in integrity protection and verification of the
	DID document.
	<br />
	Under such a scenario the hash of the DID document could be recorded
	to a trusted or distributed store and the retriever of the DID
	document would generate a hash of the DID document in their posession
	with the hash retrieved to ensure that no tampering with the DID
	document had occurred.
	</p>
	</section>

Like, how would the verifier know, which registry is used to store the hashes and who is authorized to add hashes for the corresponding DID?
This should be clearly defined in a spec (did web or an extension to it) and if some of the information can be dynamic (e.g., where the hashes are stored), it may be part of the DID URL itself.
Without further specification how integrity protection works in detail, I don't see how it helps at all to protect integrity of the DID documents.

Is there an implementation of this approach or more details that you could provide?

[dmitrizagidulin]

@nikolockenvitz Great questions. I think I added that section to the spec as a general "future work" sort of item?
But there has been a lot of discussion on this since then.
And some of it is even captured here https://github.com/WebOfTrustInfo/rwot12-cologne/blob/main/advance-readings/did-web-2.0.md#self-certifying-hash-in-did-url -- which is a proposed paper for next week's Rebooting Web of Trust conference.