Orie Steele

case in point, if I add `__proto__` and it gets preserved with a warning instead of a thrown error, and then some system passes that "valid VC" to another verifier...

perhaps we can split this up into: 1. `@vocab` detection MUST/SHOULD yield a warning. 2. `@vocab` is included in credentials/v2 I could be supportive of both, but 1 is decidedly...

apparently folks are already exploiting this behavior... https://github.com/blockchain-certificates/cert-verifier-js/blob/master/src/inspectors/computeLocalHash.js#L67

ping @msporny @dlongley

@msporny might we consider adding a warning or throwing an error if `@vocab` is detected? As you can see, folks are already digging graves for their users with this feature.

@dlongley nobody is going to implement tooling support for non-normative requirements... IMO this is a spec issue, and presence of `@vocab` should result in an error, or at least a...

This issue is a bit of a tire fire... can we split this up into a few separate issues? IMO they should be: 1. Add warning about `@vocab` to spec....

another developer bitten by `@vocab` https://gist.github.com/gorazdko/d40eda20846a8e20ac277f81e5661d34#vc-js-test-case Do I need to weaponize this to get it fixed ? :)

A - (verifiable presentation) -> B prover / presenter / from: The party A, such that A presents to B using a verifiable presentation. verifier / receiver / recipient /...

For the record: PROPOSAL: define holder (undirected), receive / present (directed actions) .... receiver, presenter (directed).