Dear members of the Sovrin forum,
I have some questions on the DPKI aspect of Sovrin.
It seems that in the past there has been a discussion whether to use universal unique DIDs and public keys (for every natural person) or pairwise DIDs and public keys (for every connection between a natural person and an institution). Over the past couple of weeks I have tried to understand those two different cases and what their advantages and disadvantages are, but I am not completely certain whether I understand it well. Below is what I found.
The case with universal unique DIDs:
Potential advantage: A DID and its associated public key can work as a ‘DPKI certificate’. This enhances the security aspect by providing a secure channel by guaranteeing the authenticity of the public key to a large extent (because a trust anchor is required upon registering).
Potential disadvantage: Whenever the individual discloses the DID or public key to authenticate, its actions can be linked to this DID or public key. This would severely limit the privacy features of the self-sovereign identity management system. In the extreme case this could nullify the privacy-enhancing features given by issuer unlinkability (IU) and multi-show unlinkability (MSU) in the context of attribute-based credentials.
From a privacy perspective, the disadvantage above is the reason why Sovrin decided to switch to pairwise DIDs, correct?
Then the case with pairwise DIDs:
Potential advantage: Unlinkability of DIDs and public keys, therefore not impacting privacy features such as IU and MSU.
Potential disadvantage: The authenticity of the public keys is not guaranteed, right? There is basically a ‘trust on first use’ principle here, right? Wouldn’t this severely limit the guaranteed security? Also, what would in this case be the difference with WhatsApp for instance and their end-to-end encryption? What is the functional added value of storing the pairwise DIDs on the ledger? Also, wouldn’t using pairwise DIDs significantly increase the amount of traffic on the ledger? I understand that the DID documents contain quite a bit more than just the associated public key which has control over it, such as endpoints and public keys that can perform CRUD operations on the DID documents. But what is the real point of doing that when it is just a pairwise DID? Those public keys to perform CRUD operations should also be unlinkable across different DIDs.
I seem to be missing something crucial here. I hope somebody can explain this to me.
Thanks in advance!
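A toy model of the two cases compared in the post, added here as an illustration and not code from the Sovrin project or from the poster: it shows why a universal DID lets institutions correlate records while pairwise DIDs do not, and how a trust-on-first-use verifier behaves when a key on the ledger is rotated under the ledger's own controller check. Assumptions: an in-memory dict stands in for the ledger, random hex strings stand in for Ed25519 public keys (comparing a key stands in for verifying a signature), `did:sov:` plus a truncated hash of the key stands in for the real DID derivation, and `alice.example` is a made-up endpoint.

```python
import hashlib
import secrets

# Constructed, in-memory stand-in for the ledger: DID -> DID document.
# Random 32-byte values stand in for Ed25519 public keys; comparing a key
# stands in for verifying a signature made with its private half.
LEDGER = {}
AGENT = "https://alice.example/agent"  # constructed endpoint

def new_key():
    return secrets.token_bytes(32).hex()

def register_did(verkey, endpoint=AGENT):
    """Write a DID document whose controller is the given key."""
    did = "did:sov:" + hashlib.sha256(bytes.fromhex(verkey)).hexdigest()[:22]
    LEDGER[did] = {"verkey": verkey, "endpoint": endpoint}
    return did

def rotate_key(did, authorizing_key, new_verkey):
    """Ledger-side CRUD check: only the current controller may rotate."""
    if LEDGER[did]["verkey"] != authorizing_key:
        return False
    LEDGER[did]["verkey"] = new_verkey
    return True

def universal_connections(institutions):
    """One DID disclosed to every institution (the universal case)."""
    did = register_did(new_key())
    return {inst: did for inst in institutions}

def pairwise_connections(institutions):
    """A fresh key and DID per relationship (the pairwise case)."""
    return {inst: register_did(new_key()) for inst in institutions}

def correlatable(records):
    """Can institutions pooling their records link them via a shared DID?"""
    dids = list(records.values())
    return len(set(dids)) < len(dids)

class TofuVerifier:
    """Trust on first use: pin the key seen first, flag any later change."""
    def __init__(self):
        self.pinned = {}

    def check(self, did):
        verkey = LEDGER[did]["verkey"]
        if did not in self.pinned:
            self.pinned[did] = verkey
            return "pinned"
        return "ok" if self.pinned[did] == verkey else "key changed"
```

The last scenario is the one worth noticing: a verifier that only pins keys sees a legitimate, controller-authorized rotation as "key changed", whereas reading the DID document from the ledger distinguishes an authorized rotation from an unauthorized one.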