Harden change-notification guidance #909

@msporny

From the SING review:

  1. Change-notification hardening – emphasized the attack surface (spoofing, DoS, linkability) and need for authenticated, rate-limited channels.
  • Notification channels MUST authenticate their sources and integrity-protect messages.
  • Implementers SHOULD bind notifications to DID state deltas (prev-hash → new-hash + timestamp) and apply rate limits.
  • Specs SHOULD explicitly call out that third-party or aggregated channels present the risk of spoofing, DoS, or linkability.
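
A receiver-side check that combines the three recommendations above (authenticated and integrity-protected messages, binding to a prev-hash → new-hash + timestamp delta, and rate limiting), as an added example that is not part of the issue or of the DID specification. The field names, the shared-key HMAC (a stand-in for whatever signature scheme a channel actually uses), and the two thresholds are assumptions.

```python
import hashlib, hmac, json

MAX_SKEW = 300      # assumed: allowed clock difference, in seconds
MIN_INTERVAL = 10   # assumed: minimum seconds between accepted updates per DID

def sign(key, msg):
    # MAC over a deterministic encoding of every field except "mac" itself.
    body = {k: v for k, v in msg.items() if k != "mac"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class NotificationVerifier:
    def __init__(self, key, did, current_hash):
        self.key, self.did, self.current_hash = key, did, current_hash
        self.last_accepted = None

    def check(self, msg, now):
        # 1. Authenticate the source and protect integrity (constant-time compare).
        mac = str(msg.get("mac", "")).encode()
        if not hmac.compare_digest(mac, sign(self.key, msg).encode()):
            return "reject: bad mac"
        if msg.get("did") != self.did:
            return "reject: wrong did"
        # 2. Freshness: the timestamp must be close to the receiver's clock.
        ts = msg.get("timestamp")
        if not isinstance(ts, (int, float)) or abs(now - ts) > MAX_SKEW:
            return "reject: stale timestamp"
        # 3. Delta binding: the notification must extend the state we hold,
        #    which also rejects replays of already-applied notifications.
        new_hash = msg.get("new_hash")
        if msg.get("prev_hash") != self.current_hash or not isinstance(new_hash, str):
            return "reject: prev-hash mismatch"
        # 4. Rate limit, applied after authentication so forged messages
        #    cannot use up the budget of the legitimate source.
        if self.last_accepted is not None and now - self.last_accepted < MIN_INTERVAL:
            return "reject: rate limited"
        self.current_hash, self.last_accepted = new_hash, now
        return "accept"

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    v = NotificationVerifier(key, "did:example:123", "hash-0")
    n = {"did": "did:example:123", "prev_hash": "hash-0",
         "new_hash": "hash-1", "timestamp": 1000}   # constructed sample notification
    n["mac"] = sign(key, n)
    print(v.check(n, now=1000))   # first delivery
    print(v.check(n, now=1020))   # replay of the same notification
```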

    Labels

    class 2 (Changes that do not functionally affect interpretation of the document), ready for pr (Issue is ready for a PR)