diff --git a/index.html b/index.html index b9fc5c31..fb2e5126 100644 --- a/index.html +++ b/index.html @@ -4810,54 +4810,64 @@
- Recovery is a reactive security measure, whereby a controller is able - to regain the ability to perform DID operations. +Recovery is a reactive security measure whereby a controller that has +lost the ability to perform DID operations, such as through the loss of a +device, is able to regain the ability to perform DID operations.
-- Recovery is advised when a controller or services trusted to act on - their behalf no longer have the exclusive ability to perform DID - operations as described in . +
+The following considerations might be of use when contemplating the use of +DID recovery:
-- It is considered a best practice to never reuse a verification method - or key material associated with recovery for any other purposes. -
+- Recovery is commonly performed in conjunction with - verification method rotation - and verification method revocation. -
+- There are no common recovery mechanisms that apply to all DID Methods. -
+- DID method specifications might choose to enable support for a - quorum of trusted parties to facilitate recovery. Some of the - facilities to do so are suggested in Section - . -
+- Not all DID method specifications will recognize control from - DIDs registered using other DID methods and they might - restrict third-party control to DIDs that use the same method. -
+- Access control and recovery in a DID method - specification can also include a time lock feature to protect against - key compromise by maintaining a second track of control for recovery. -
+- Performing recovery proactively on an infrequent but regular basis, - can help to ensure that control has not been lost. -