Root of Trust in Verification

[toreini]

Adding the points in the issue #5 raised by @torgo:
It is unclear where the root of trust in the digital credentials is. I can infer the trust is coming from the integrity and proofs provided by the Digital Wallet, under the assumption that it has already verified the physical credentials and government records. This approach is not bullet-proof. An old example is the traceability attacks to e-passports, and a newer attack to digital wallets.

Wallets identity verification pipeline is also vulnerable to new forms of attack, some examples:

• presentation of synthetic physical document to evade the digital authenticity checks: (AdvGen: Physical Adversarial Attack on Face Presentation Attack Detection Systems, Synthetic ID Card Image Generation for Improving Presentation Attack Detection). Even there are websites selling synthetic fake credentials.
• spoofing the 3D liveness tests: Multi-Modal Spoofing Attacks on 3D Face Liveness Detection via a Single 2D Photo and UniID: Spoofing Face Authentication System by Universal Identity.

I believe root of trust (and acknowledging its complications) needs to be clarified somewhere in the document.

[jyasskin]

I don't think the Wallet is acting as a root of trust. It stores and forwards signatures that were generated by another authority, like a country's (jurisdiction's) identity infrastructure, and websites have to have a list of those jurisdictions' signing keys in order to check the signatures. (Or possibly it creates an intermediate certificate that's signed by the jurisdiction's identity infrastructure, but that's also not a root.) It's also possible for an intermediary server to check the jurisdictions' signing keys to reduce the number of roots the webservers need to trust.

The attacks above seem to be about convincing a trust root to provision some signatures into a wallet that shouldn't have them. The European requirement that wallets only run on attested devices is, I think, meant to defend against a similar attack: that those signatures could be copied out of a less-secure wallet.

So I wouldn't call this a question about roots of trust, but rather about how well the roots can check that they're vouching for the right intermediaries.

[martinthomson]

As @jyasskin says, the root of trust for the credentials themselves is left out of scope (this is a problem as much as it is a feature in my mind, but I completely understand that choice).

Mostly.

As Jeffrey says, the issuance of credentials to a wallet often depend on having the wallet make an attestation about its capabilities. Issuing authorities might need to have a list of the entities that operate wallets -- and the TPMs upon which those wallets depend -- so that they can issue credentials with less risk of credential sharing. I personally think that this is a misreading of the threat model: any such misuse of a credential is pretty obviously traceable. Still, it's a very common stipulation in system designs for wallets.

There are other questions of root of trust inherent to this system, if wallets are expected to verify claims of relying parties/verifiers. That is, if you need to be authorized to access certain credentials by the issuing authority or some other entity, then the wallet will need to have trust anchors for that operation.

Ehsan's other point (which might be a separate issue) is about potential weaknesses in the issuance system. In particular, the process by which an authority is convinced that a certain person is present. This is a problem with any issuance system. For example, the analogous system on the web is ACME, which relies on an unreliable system: the DNS. (Yeah, the CAs are starting to use DNSSEC, but the DNS ecosystem is not. And the entire routing layer of the internet is enough of a mess that even with a verifiable DNS, you can't really be sure of ownership. For credentials issued to people, at scale, there are very many ways to get that wrong. Thankfully, that part is not in scope for us.

[toreini]

Yes, I agree with both your points. This is why I mentioned the root of trust here is unclear and assumed known to the audience (which makes it open to interpretation). Maybe I am being a bit sceptical but this is due to my previous conversations with credential verification companies, in which they had many issues with reliable verification. In reality, as the current status-quo, the verification is often outsourced to trusted third-party private companies. They seem to have many issues with the current trends in the presentation, or a reliable registration of a genuine physical credential, especially if they do not have antennas or SoC, or not mDL compatible. UK Driving License particularly seem to be a challenging credential as it does not have a chip, but it is a valid identity card.

While acknowledging the technical details and threat modelling on digital wallet being out of scope, I’d still like to include some sentences on ensuring to use reliable digital wallets or at least do not take it with 100% trust. It is like while we all agree password-based authentication is not a good solution for authentication, we still advise for high-entropy passwords, at least to prevent some levels of harm.

[martinthomson]

Discussed 2025-08-14: We might mention the trust in wallets as a genuine issue (because an untrustworthy wallet might be used for impersonation and other forms of abuse of identity). However, we want to rule that entire domain out of scope.