w3c
diff --git a/‎ed/algorithms/did-1.1.json‎
Lines changed: 13 additions & 13 deletions b/‎ed/algorithms/did-1.1.json‎
Lines changed: 13 additions & 13 deletions
@@ -24,28 +24,28 @@
           "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-43\">DID method</a> specification <em class=\"rfc2119\">MUST</em> define how authorization is performed to\nexecute all operations, including any necessary cryptographic processes."
         },
         {
-          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-44\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-12\">DID controller</a>\ncreates a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-66\">DID</a> and its associated <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-93\">DID document</a>."
+          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-44\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-12\">DID controller</a>\ncreates a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-67\">DID</a> and its associated <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-94\">DID document</a>."
         },
         {
-          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-45\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-4\">DID resolver</a> uses a\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-67\">DID</a> to resolve a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-94\">DID document</a>, including how the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-5\">DID resolver</a> can verify the authenticity of the response."
+          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-45\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-4\">DID resolver</a> uses a\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-68\">DID</a> to resolve a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-95\">DID document</a>, including how the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-5\">DID resolver</a> can verify the authenticity of the response."
         },
         {
-          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-46\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify what constitutes an update to a\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-95\">DID document</a> and how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-13\">DID controller</a> can update a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-96\">DID document</a> <em>or</em> state that updates are not possible."
+          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-46\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify what constitutes an update to a\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-96\">DID document</a> and how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-13\">DID controller</a> can update a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-97\">DID document</a> <em>or</em> state that updates are not possible."
         },
         {
-          "html": "The <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-47\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-14\">DID controller</a> can\ndeactivate a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-68\">DID</a> <em>or</em> state that deactivation is not possible."
+          "html": "The <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-47\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-14\">DID controller</a> can\ndeactivate a <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-69\">DID</a> <em>or</em> state that deactivation is not possible."
         }
       ]
     },
     {
-      "html": "The requirements for all <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-50\">DID method</a> specifications when authoring the\n<em>Security Considerations</em> section are as follows:",
+      "html": "The requirements for all <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-51\">DID method</a> specifications when authoring the\n<em>Security Considerations</em> section are as follows:",
       "rationale": "if",
       "steps": [
         {
-          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-51\">DID method</a> specifications <em class=\"rfc2119\">MUST</em> follow all guidelines and normative\nlanguage provided in <a data-cite=\"RFC3552#section-5\" href=\"https://www.rfc-editor.org/rfc/rfc3552#section-5\">RFC3552: Writing Security\nConsiderations Sections</a> for the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-69\">DID</a> operations defined in the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-52\">DID method</a> specification."
+          "html": "A <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-52\">DID method</a> specifications <em class=\"rfc2119\">MUST</em> follow all guidelines and normative\nlanguage provided in <a data-cite=\"RFC3552#section-5\" href=\"https://www.rfc-editor.org/rfc/rfc3552#section-5\">RFC3552: Writing Security\nConsiderations Sections</a> for the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-70\">DID</a> operations defined in the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-53\">DID method</a> specification."
         },
         {
-          "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> document the following forms of attack\nfor the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-70\">DID</a> operations defined in the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-53\">DID method</a> specification:\neavesdropping, replay, message insertion, deletion, modification, denial of\nservice, <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-amplification\" class=\"internalDFN\" id=\"ref-for-dfn-amplification-1\">amplification</a>, and man-in-the-middle. Other known\nforms of attack <em class=\"rfc2119\">SHOULD</em> also be documented."
+          "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> document the following forms of attack\nfor the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-71\">DID</a> operations defined in the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-54\">DID method</a> specification:\neavesdropping, replay, message insertion, deletion, modification, denial of\nservice, <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-amplification\" class=\"internalDFN\" id=\"ref-for-dfn-amplification-1\">amplification</a>, and man-in-the-middle. Other known\nforms of attack <em class=\"rfc2119\">SHOULD</em> also be documented."
         },
         {
           "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss residual risks, such as the\nrisks from compromise in a related protocol, incorrect implementation, or cipher\nafter threat mitigation was deployed."
@@ -57,25 +57,25 @@
           "html": "If authentication is involved, particularly user-host authentication, the\nsecurity characteristics of the authentication method <em class=\"rfc2119\">MUST</em> be clearly\ndocumented."
         },
         {
-          "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss the policy mechanism by which\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-71\">DIDs</a> are proven to be uniquely assigned."
+          "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss the policy mechanism by which\n<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-72\">DIDs</a> are proven to be uniquely assigned."
         },
         {
-          "html": "Method-specific endpoint authentication <em class=\"rfc2119\">MUST</em> be discussed. Where <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-54\">DID methods</a> make use of <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-3\">DLTs</a> with varying network topology, sometimes\noffered as <em>light node</em> or <em>\n<a href=\"https://en.bitcoin.it/wiki/Thin_Client_Security\">thin client</a></em>\nimplementations to reduce required computing resources, the security assumptions\nof the topology available to implementations of the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-55\">DID method</a> <em class=\"rfc2119\">MUST</em> be\ndiscussed."
+          "html": "Method-specific endpoint authentication <em class=\"rfc2119\">MUST</em> be discussed. Where <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-55\">DID methods</a> make use of <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-3\">DLTs</a> with varying network topology, sometimes\noffered as <em>light node</em> or <em>\n<a href=\"https://en.bitcoin.it/wiki/Thin_Client_Security\">thin client</a></em>\nimplementations to reduce required computing resources, the security assumptions\nof the topology available to implementations of the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-56\">DID method</a> <em class=\"rfc2119\">MUST</em> be\ndiscussed."
         },
         {
-          "html": "If a protocol incorporates cryptographic protection mechanisms, the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-56\">DID method</a> specification <em class=\"rfc2119\">MUST</em> clearly indicate which portions of the data are\nprotected and by what protections, and it <em class=\"rfc2119\">SHOULD</em> give an indication of the\nsorts of attacks to which the cryptographic protection is susceptible. Some\nexamples are integrity only, confidentiality, and endpoint authentication."
+          "html": "If a protocol incorporates cryptographic protection mechanisms, the <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-57\">DID method</a> specification <em class=\"rfc2119\">MUST</em> clearly indicate which portions of the data are\nprotected and by what protections, and it <em class=\"rfc2119\">SHOULD</em> give an indication of the\nsorts of attacks to which the cryptographic protection is susceptible. Some\nexamples are integrity only, confidentiality, and endpoint authentication."
         },
         {
           "html": "Data which is to be held secret (keying material, random seeds, and so on)\n<em class=\"rfc2119\">SHOULD</em> be clearly labeled."
         },
         {
-          "html": "<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-57\">DID method</a> specifications <em class=\"rfc2119\">SHOULD</em> explain and specify the implementation\nof signatures on <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-99\">DID documents</a>, if applicable."
+          "html": "<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-58\">DID method</a> specifications <em class=\"rfc2119\">SHOULD</em> explain and specify the implementation\nof signatures on <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-101\">DID documents</a>, if applicable."
         },
         {
-          "html": "Where <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-58\">DID methods</a> use peer-to-peer computing resources, such as with all\nknown <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-4\">DLTs</a>, the expected burdens of those resources <em class=\"rfc2119\">SHOULD</em> be discussed\nin relation to denial of service."
+          "html": "Where <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-59\">DID methods</a> use peer-to-peer computing resources, such as with all\nknown <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-4\">DLTs</a>, the expected burdens of those resources <em class=\"rfc2119\">SHOULD</em> be discussed\nin relation to denial of service."
         },
         {
-          "html": "<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-59\">DID methods</a> that introduce new authentication <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-service\" class=\"internalDFN\" id=\"ref-for-dfn-service-13\">service</a>\ntypes, as described in <a href=\"https://w3c.github.io/did/#services\" data-matched-text=\"[[[#services]]]\" class=\"sec-ref\"><bdi class=\"secno\">5.4 </bdi>Services</a>, <em class=\"rfc2119\">SHOULD</em> consider the\nsecurity requirements of the supported authentication protocol."
+          "html": "<a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-60\">DID methods</a> that introduce new authentication <a data-link-type=\"dfn|abstract-op\" href=\"https://w3c.github.io/did/#dfn-service\" class=\"internalDFN\" id=\"ref-for-dfn-service-13\">service</a>\ntypes, as described in <a href=\"https://w3c.github.io/did/#services\" data-matched-text=\"[[[#services]]]\" class=\"sec-ref\"><bdi class=\"secno\">5.4 </bdi>Services</a>, <em class=\"rfc2119\">SHOULD</em> consider the\nsecurity requirements of the supported authentication protocol."
         }
       ]
     }
Original file line number	Diff line number	Diff line change
`@@ -24,28 +24,28 @@`
`24`	`24`	`"html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-43\">DID method</a> specification <em class=\"rfc2119\">MUST</em> define how authorization is performed to\nexecute all operations, including any necessary cryptographic processes."`
`25`	`25`	`},`
`26`	`26`	`{`
`27`		- "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-44\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-12\">DID controller</a>\ncreates a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-66\">DID</a> and its associated <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-93\">DID document</a>."
	`27`	+ "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-44\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-12\">DID controller</a>\ncreates a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-67\">DID</a> and its associated <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-94\">DID document</a>."
`28`	`28`	`},`
`29`	`29`	`{`
`30`		- "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-45\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-4\">DID resolver</a> uses a\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-67\">DID</a> to resolve a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-94\">DID document</a>, including how the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-5\">DID resolver</a> can verify the authenticity of the response."
	`30`	+ "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-45\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-4\">DID resolver</a> uses a\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-68\">DID</a> to resolve a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-95\">DID document</a>, including how the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-resolvers\" class=\"internalDFN\" id=\"ref-for-dfn-did-resolvers-5\">DID resolver</a> can verify the authenticity of the response."
`31`	`31`	`},`
`32`	`32`	`{`
`33`		- "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-46\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify what constitutes an update to a\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-95\">DID document</a> and how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-13\">DID controller</a> can update a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-96\">DID document</a> <em>or</em> state that updates are not possible."
	`33`	+ "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-46\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify what constitutes an update to a\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-96\">DID document</a> and how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-13\">DID controller</a> can update a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-97\">DID document</a> <em>or</em> state that updates are not possible."
`34`	`34`	`},`
`35`	`35`	`{`
`36`		- "html": "The <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-47\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-14\">DID controller</a> can\ndeactivate a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-68\">DID</a> <em>or</em> state that deactivation is not possible."
	`36`	+ "html": "The <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-47\">DID method</a> specification <em class=\"rfc2119\">MUST</em> specify how a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-controllers\" class=\"internalDFN\" id=\"ref-for-dfn-did-controllers-14\">DID controller</a> can\ndeactivate a <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-69\">DID</a> <em>or</em> state that deactivation is not possible."
`37`	`37`	`}`
`38`	`38`	`]`
`39`	`39`	`},`
`40`	`40`	`{`
`41`		`- "html": "The requirements for all <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-50\">DID method</a> specifications when authoring the\n<em>Security Considerations</em> section are as follows:",`
	`41`	`+ "html": "The requirements for all <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-51\">DID method</a> specifications when authoring the\n<em>Security Considerations</em> section are as follows:",`
`42`	`42`	`"rationale": "if",`
`43`	`43`	`"steps": [`
`44`	`44`	`{`
`45`		- "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-51\">DID method</a> specifications <em class=\"rfc2119\">MUST</em> follow all guidelines and normative\nlanguage provided in <a data-cite=\"RFC3552#section-5\" href=\"https://www.rfc-editor.org/rfc/rfc3552#section-5\">RFC3552: Writing Security\nConsiderations Sections</a> for the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-69\">DID</a> operations defined in the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-52\">DID method</a> specification."
	`45`	+ "html": "A <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-52\">DID method</a> specifications <em class=\"rfc2119\">MUST</em> follow all guidelines and normative\nlanguage provided in <a data-cite=\"RFC3552#section-5\" href=\"https://www.rfc-editor.org/rfc/rfc3552#section-5\">RFC3552: Writing Security\nConsiderations Sections</a> for the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-70\">DID</a> operations defined in the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-53\">DID method</a> specification."
`46`	`46`	`},`
`47`	`47`	`{`
`48`		- "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> document the following forms of attack\nfor the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-70\">DID</a> operations defined in the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-53\">DID method</a> specification:\neavesdropping, replay, message insertion, deletion, modification, denial of\nservice, <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-amplification\" class=\"internalDFN\" id=\"ref-for-dfn-amplification-1\">amplification</a>, and man-in-the-middle. Other known\nforms of attack <em class=\"rfc2119\">SHOULD</em> also be documented."
	`48`	+ "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> document the following forms of attack\nfor the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-71\">DID</a> operations defined in the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-54\">DID method</a> specification:\neavesdropping, replay, message insertion, deletion, modification, denial of\nservice, <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-amplification\" class=\"internalDFN\" id=\"ref-for-dfn-amplification-1\">amplification</a>, and man-in-the-middle. Other known\nforms of attack <em class=\"rfc2119\">SHOULD</em> also be documented."
`49`	`49`	`},`
`50`	`50`	`{`
`51`	`51`	`"html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss residual risks, such as the\nrisks from compromise in a related protocol, incorrect implementation, or cipher\nafter threat mitigation was deployed."`
`@@ -57,25 +57,25 @@`
`57`	`57`	`"html": "If authentication is involved, particularly user-host authentication, the\nsecurity characteristics of the authentication method <em class=\"rfc2119\">MUST</em> be clearly\ndocumented."`
`58`	`58`	`},`
`59`	`59`	`{`
`60`		`- "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss the policy mechanism by which\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-71\">DIDs</a> are proven to be uniquely assigned."`
	`60`	`+ "html": "The Security Considerations section <em class=\"rfc2119\">MUST</em> discuss the policy mechanism by which\n<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-decentralized-identifiers\" class=\"internalDFN\" id=\"ref-for-dfn-decentralized-identifiers-72\">DIDs</a> are proven to be uniquely assigned."`
`61`	`61`	`},`
`62`	`62`	`{`
`63`		- "html": "Method-specific endpoint authentication <em class=\"rfc2119\">MUST</em> be discussed. Where <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-54\">DID methods</a> make use of <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-3\">DLTs</a> with varying network topology, sometimes\noffered as <em>light node</em> or <em>\n<a href=\"https://en.bitcoin.it/wiki/Thin_Client_Security\">thin client</a></em>\nimplementations to reduce required computing resources, the security assumptions\nof the topology available to implementations of the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-55\">DID method</a> <em class=\"rfc2119\">MUST</em> be\ndiscussed."
	`63`	+ "html": "Method-specific endpoint authentication <em class=\"rfc2119\">MUST</em> be discussed. Where <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-55\">DID methods</a> make use of <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-3\">DLTs</a> with varying network topology, sometimes\noffered as <em>light node</em> or <em>\n<a href=\"https://en.bitcoin.it/wiki/Thin_Client_Security\">thin client</a></em>\nimplementations to reduce required computing resources, the security assumptions\nof the topology available to implementations of the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-56\">DID method</a> <em class=\"rfc2119\">MUST</em> be\ndiscussed."
`64`	`64`	`},`
`65`	`65`	`{`
`66`		- "html": "If a protocol incorporates cryptographic protection mechanisms, the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-56\">DID method</a> specification <em class=\"rfc2119\">MUST</em> clearly indicate which portions of the data are\nprotected and by what protections, and it <em class=\"rfc2119\">SHOULD</em> give an indication of the\nsorts of attacks to which the cryptographic protection is susceptible. Some\nexamples are integrity only, confidentiality, and endpoint authentication."
	`66`	+ "html": "If a protocol incorporates cryptographic protection mechanisms, the <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-57\">DID method</a> specification <em class=\"rfc2119\">MUST</em> clearly indicate which portions of the data are\nprotected and by what protections, and it <em class=\"rfc2119\">SHOULD</em> give an indication of the\nsorts of attacks to which the cryptographic protection is susceptible. Some\nexamples are integrity only, confidentiality, and endpoint authentication."
`67`	`67`	`},`
`68`	`68`	`{`
`69`	`69`	`"html": "Data which is to be held secret (keying material, random seeds, and so on)\n<em class=\"rfc2119\">SHOULD</em> be clearly labeled."`
`70`	`70`	`},`
`71`	`71`	`{`
`72`		`- "html": "<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-57\">DID method</a> specifications <em class=\"rfc2119\">SHOULD</em> explain and specify the implementation\nof signatures on <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-99\">DID documents</a>, if applicable."`
	`72`	`+ "html": "<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-58\">DID method</a> specifications <em class=\"rfc2119\">SHOULD</em> explain and specify the implementation\nof signatures on <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-documents\" class=\"internalDFN\" id=\"ref-for-dfn-did-documents-101\">DID documents</a>, if applicable."`
`73`	`73`	`},`
`74`	`74`	`{`
`75`		- "html": "Where <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-58\">DID methods</a> use peer-to-peer computing resources, such as with all\nknown <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-4\">DLTs</a>, the expected burdens of those resources <em class=\"rfc2119\">SHOULD</em> be discussed\nin relation to denial of service."
	`75`	+ "html": "Where <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-59\">DID methods</a> use peer-to-peer computing resources, such as with all\nknown <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-distributed-ledger-technology\" class=\"internalDFN\" id=\"ref-for-dfn-distributed-ledger-technology-4\">DLTs</a>, the expected burdens of those resources <em class=\"rfc2119\">SHOULD</em> be discussed\nin relation to denial of service."
`76`	`76`	`},`
`77`	`77`	`{`
`78`		- "html": "<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-59\">DID methods</a> that introduce new authentication <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-service\" class=\"internalDFN\" id=\"ref-for-dfn-service-13\">service</a>\ntypes, as described in <a href=\"https://w3c.github.io/did/#services\" data-matched-text=\"[[[#services]]]\" class=\"sec-ref\"><bdi class=\"secno\">5.4 </bdi>Services</a>, <em class=\"rfc2119\">SHOULD</em> consider the\nsecurity requirements of the supported authentication protocol."
	`78`	+ "html": "<a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-did-methods\" class=\"internalDFN\" id=\"ref-for-dfn-did-methods-60\">DID methods</a> that introduce new authentication <a data-link-type=\"dfn\|abstract-op\" href=\"https://w3c.github.io/did/#dfn-service\" class=\"internalDFN\" id=\"ref-for-dfn-service-13\">service</a>\ntypes, as described in <a href=\"https://w3c.github.io/did/#services\" data-matched-text=\"[[[#services]]]\" class=\"sec-ref\"><bdi class=\"secno\">5.4 </bdi>Services</a>, <em class=\"rfc2119\">SHOULD</em> consider the\nsecurity requirements of the supported authentication protocol."
`79`	`79`	`}`
`80`	`80`	`]`
`81`	`81`	`}`