Consider BBS VC + DID `web` as an alternative

[dlongley]

I did not see this mentioned in the "Alternatives considered section", so I figured I'd propose it here:

An alternative mechanism for achieving the use case of "proving control over an email address" could be:

1. An email provider website (the "issuer") publishes a DID (using the DID web method) at the email domain.
2. The issuer issues an Email VC with a BBS "base" proof to the user that includes their email address, e.g., using the DC-API.
3. The verifier (relying party) asks for an Email VC from the user with a BBS "derived" proof, e.g., using the DC-API.
4. The user provides the Email VC with an unlinkable BBS "derived" proof.
5. The verifier retrieves the issuer's DID document (including the key used to verify the BBS "derived" proof) and verifies the proof.

EDIT: A side note: VCs can often serve more than one use case and the unlinkable feature of a BBS proof might be of more use there. Other types of digital signatures are of course possible. A VC used here could potentially also be used in these others ways (but not limited to just these):

1. Proof of control of an account at a provider (without revealing more).
2. Proof of a shared email address (perhaps a business use case) without revealing the specific individual.
3. Proof of an email address at a particular domain without revealing the specific email address.