Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 9 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
An encrypted or secure virtual space where information can be deposited or retrieved anonymously, with the presenter maintaining control over disclosure to prevent re-identification of data subjects across different verification contexts.
In the context of KERI and verifiable credential systems, a dead drop refers to encrypted or secure virtual spaces where information can be deposited or retrieved anonymously. The defining characteristic is that the presenter controls the disclosure, which prevents re-identification of the data.
This concept was discussed in a KERI technical meeting on June 27, 2023, where the community explored how dead drop mechanisms enable privacy-preserving credential presentations. The term draws from cybersecurity and digital privacy scenarios where asynchronous information exchange occurs without direct interaction between parties, while maintaining cryptographic security properties.
The dead drop concept operates within KERI's broader privacy framework. According to the SPAC (Secure Privacy, Authenticity, and Confidentiality) protocol specification, identity systems face a fundamental challenge called the PAC Trilemma: "One can have any two of the three (privacy, authenticity, confidentiality) at the highest level but not all three."
The SPAC model prioritizes:
Graduated Disclosure Strategy: Implementers should design disclosure workflows that start with minimal information (compact disclosure using SAIDs) and progressively reveal details based on verifier actions or contractual agreements. This mirrors the operational security of physical dead drops.
Identifier Management: Dead drop functionality requires careful management of AIDs to prevent correlation. Consider using context-specific or ephemeral identifiers for different verification scenarios, with proper key management to maintain control.
Contractual Frameworks: Chain-link confidentiality requires legal agreements that bind recipients to confidentiality obligations. Implementers should integrate contractual acceptance into disclosure workflows.
Revocation Privacy: When implementing TEL-based revocation for anonymous credentials, consider privacy-preserving registry designs that allow revocation checking without revealing presenter identity.
User Interface Design: Dead drop mechanisms require users to make informed disclosure decisions. Interfaces should clearly indicate what information is being revealed and to whom, with sensible defaults that protect privacy.
Threat Modeling: As noted in the SPAC specification, privacy protection is resource-constrained. Implementers should clearly document threat models and acknowledge that dead drop mechanisms provide effective privacy against most adversaries but not absolute anonymity against state-level actors.
Within this framework, dead drops address the privacy dimension by enabling presenter-controlled disclosure while maintaining authenticity through cryptographic verification. The SPAC specification distinguishes between "cold war" security (authenticity and confidentiality, which can be arbitrarily strong through cryptographic means) and "hot war" security (privacy, which is resource-constrained and depends on limiting correlation opportunities).
The critical privacy property of dead drops is correlation resistance. The SPAC protocol recognizes that absolute privacy against adversaries with unlimited resources is unattainable, so it focuses on effective privacy through protection against exploitable correlation.
In credential presentation scenarios:
Dead drops enable this privacy dimension by allowing presenters to control what information is disclosed and preventing verifiers from re-identifying data subjects across different contexts. Even when multiple verifiers receive presentations, the mechanism prevents them from cryptographically linking these presentations to the same subject without additional information.
The fundamental principle underlying dead drop functionality is presenter control: the entity presenting credentials determines precisely what information is shared, when it is shared, and under what conditions. This contrasts with traditional credential systems where issuers or verifiers may have greater control over disclosure patterns.
This control mechanism ensures that:
While the specific cryptographic mechanisms and protocols that enable dead drop functionality in KERI are not detailed in the available sources, the concept clearly relates to KERI's broader architecture for privacy-preserving credentials. The June 27, 2023 technical meeting discussion indicates ongoing community consideration of how dead drop patterns integrate with KERI's existing privacy and disclosure mechanisms.
The terminology and concept appear to be evolving within the KERI ecosystem, as indicated by multiple glossary entries marked 'TBW' (To Be Written), suggesting that detailed specifications and implementation guidance for dead drop functionality may still be under development as of mid-2023.
Dead drops relate to KERI's credential presentation protocols where:
This balance between verifiable authenticity and privacy protection reflects the SPAC model's recognition that these properties must be carefully balanced rather than maximized independently. The dead drop pattern provides one mechanism for achieving this balance in credential presentation scenarios where privacy is a priority concern.