Agencies and a verification of request to forward messages


One of the functions of an Agency endpoint is to forward messages to a cloud agent. This provides network anonymity and avoids connection correlation between agents. This forwarding feature could also be provided by a ‘proxy’ agency that hosts no agents, but forwards messages purely for the security it provides as an extra layer.

When I create a new DID, I need to ask my Agency agent to forward inbound messages for that DID to my agent. I can make this request, and perhaps provide payment for such services.

Here’s the question: How does the agency know that I should be receiving those messages? Particularly for Ledgerless DIDs, there may be no public record of the DID, and no way to verify a signature. Also, is this really a problem?

The attack surface is small: Such a false registration would only be useful if a message were actually sent to the Agency for that DID. But what if it did? What if somebody else had already requested forwarding for that DID with intent to deceive or block?

This may entirely be a non-issue. Any thoughts?


I thought it that it probably doesn’t matter. If you are doing it maliciously, either before or after you made the request the real owner would also make the request and the Agency would detect the conflict and have a resolution method.

To verify control, the Agency could tell you see something using it’s existing channel with you and then send a message with some other information to the each of the keys of the new DID and expect back an answer with both pieces of information. Seems like a lot of work for a seemingly benign issue.

The only other scenario I can think of is the DID is from an Identity at another Agency. However, you then have to convince someone to send messages for that DID to your Agency. That would require messing with the microledger communication, which seems tricky.