ACA-Py - Credo: didexchange/1.0 vs 1.1

[dbluhm]

trafficstars

With the recent updates to didexchange adding support for did:peer:2/4, we also added support for the did_rotate~attach attachment. This technically bumps our protocol support up to 1.1. Credo correctly made this version bump which is causing interop issues since we're sending 1.0 and they're expecting 1.1.

The naive fix would be to just find replace 1.0 for 1.1 but that could break other agents we interop with on 1.0. Handling both would be preferable. I personally wouldn't mind too terribly if we gated the did_rotate~attach on version or not.

@swcurran I believe it would be wise for us to make sure this correction makes it into 0.12.0

[swcurran]

OK — let’s discuss at our Maintainer’s Meeting tomorrow (2024.01.30).

[andrewwhitehead]

I believe Credo should accept didexchange/1.0 according to DIDComm versioning.

[dbluhm]

Drawing from https://github.com/hyperledger/aries-rfcs/blob/main/concepts/0003-protocols/README.md#semver-rules-for-protocols

Within a given major version of a protocol, an agent should:

• Respond to a minimum supported minor version, defaulting to "0".
  • An agent SHOULD keep minimum supported minor version at "0" unless it is unsecure or extremely complicated to do so.
• Respond with or initiate a protocol instance the current fully supported minor version.

Using did:peer:2 or 4 without did_rotate~attach might be enough to consider it "insecure" and dropping support for 1.0. :man_shrugging: