Fix grammar related to content integrity and JSON-LD Base Context.

msporny · msporny · commit 7825669ad9f1 · 2023-04-03T11:54:06.000-04:00
diff --git a/index.html b/index.html
@@ -4864,38 +4864,41 @@ <h2>Contexts, Types, and Credential Schemas</h2>
       <section class="informative">
         <h3>Base Context</h3>
           <p>
-The base context, located at
-<code>https://www.w3.org/ns/credentials/v2</code> with a SHA-256 digest of
+The base context, located at <code>https://www.w3.org/ns/credentials/v2</code>
+with a SHA-256 digest of
 <strong><code>944167aaabd904ea9e35c98fd7e8794eb6dd42ae4666b036b171e87fc34cc7cc</code></strong>,
 can be used to implement a local cached copy. It is possible to confirm the
 SHA-256 digest by running the following command from a modern Unix command
-interface line: `curl -s https://www.w3.org/ns/credentials/v2 | sha256sum`.
+interface line: `curl -s https://www.w3.org/ns/credentials/v2 | sha256sum`. It
+is strongly advised that all JSON-LD Contexts used in an application utilize a
+similar mechanism to ensure end-to-end security.
           </p>
           <p>
 This section serves as a reminder of the importance of ensuring that, when
 verifying <a>verifiable credentials</a> and <a>verifiable presentations</a>, the
 <a>verifier</a> has information that is consistent with what the <a>issuer</a>
-had when securing the <a>credential</a> or <a>presentation</a>. This information
-might include at least: 1) contents of the credential itself; 2) any content
-included by reference in the credential; 3) any content transitively included by
-reference.
+or <a>holder</a> had when securing the <a>credential</a> or <a>presentation</a>.
+This information might include at least: 1) contents of the credential itself;
+2) any content linked to via a URL in the credential; 3) any content linked to
+via a URL, which then links to more content via a URL (and so on).
           </p>
           <p>
 Mechanisms used to secure <a>credentials</a> and <a>presentations</a>, such
-as digital signatures, address securing the contents of the credential itself
-(item #1 in the previous paragraph). The SHA-256 digest of the Base Context in
-this section addresses securing the context information (item #2 in the
-previous paragraph).
+[[VC-JWT]] and [[VC-DATA-INTEGRITY]], address securing the contents of the
+credential itself (item #1 in the previous paragraph). The SHA-256 digest of
+JSON-LD Contexts, as well as locally cached copies, address item #2 in the
+previous paragraph.
           </p>
           <p>
-However, it does not cryptographically protect other content referenced such as
-other JSON-LD Contexts or files referenced via URLs. It is considered a best
-practice to ensure that the same sorts of protections are provided for other
-JSON-LD Contexts and URLs through the use of permanently cached files or
-cryptographic hashes for linked information that is critical to a specific use
-case. See the Content Integrity section of the Verifiable Credential
-Implementation Guide to verify that content it either fetches remotely or caches
-locally is consistent with what the <a>issuer</a> intended.
+However, other data that is referenced from within a credential, such as
+resources that are linked to via URLs, are not cryptographically protected by
+default. It is considered a best practice to ensure that the same sorts of
+protections are provided for any URL that is critical to the security of the
+credential through the use of permanently cached files or cryptographic hashes.
+See the <a href="https://w3c.github.io/vc-imp-guide/#content-integrity">Content
+Integrity</a> section of the Verifiable Credential Implementation Guide to
+verify that content it either fetches remotely or caches locally is consistent
+with what the <a>issuer</a> or <a>holder</a> intended.
           </p>
           <p>
 For convenience, the base context for the Verifiable Credential Data Model v2.0
