Trust lists and registries are the practical mechanisms that enable verifiers to know which issuers and credentials to trust. They provide the reference points that verification systems use to determine whether a credential is legitimate.
The trust anchor problem
When a verifier receives a credential, they need to answer several questions: Is this credential from a legitimate issuer? Is the issuer’s public key authentic? And where applicable, is the credential still valid (not expired or revoked)? Trust lists and registries provide the reference information verifiers use to make these decisions, either through locally stored data or through trusted update mechanisms.
Without these reference points, verifiers would have no way to distinguish a credential from the California DMV from one signed by an imposter. Trust lists establish which public keys belong to legitimate issuers, enabling verifiers to accept authentic credentials and reject fraudulent ones.
How do trust lists work?
A trust list is essentially a directory of approved issuers and their public keys. Verifiers preload these lists into their systems, enabling them to check credentials without querying external services at verification time.
Trust lists commonly contain approved issuers and their public keys (or certificates). In the mDL ecosystem, AAMVA’s Digital Trust Service is designed to provide relying parties with a secure way to obtain the issuing authority's public keys needed for verification. When a traveler presents an mDL, the reader checks the credential's signature against these preloaded keys. If the signature validates against a key in the trust list, the credential is accepted. Depending on the protocol and deployment, verifiers can support offline-capable verification by using locally stored trust material and periodically updated status information.
Verifier registries
Trust doesn’t only flow from issuers to verifiers. Holders and wallets also benefit from knowing whether a verifier is legitimate. Some ecosystems support this through verifier authorization mechanisms such as verifier attestations, trusted certificates, or approved relying-party lists that wallets can use to recognize authentic verifier requests.
These controls help reduce phishing and “credential harvesting” attacks, where a fraudulent service pretends to be a trusted verifier in order to collect personal information. Depending on the program, wallets may show the verifier’s verified name, warn on unknown verifiers, or require additional user confirmation for high-risk requests.
Status and revocation services
Beyond issuer trust, verification systems need to confirm that specific credentials remain valid. A credential might be cryptographically authentic, signed by a legitimate issuer, but still be invalid because it has been revoked, expired, or suspended.
Credential status mechanisms provide this information when the ecosystem supports them, either via online checks or via periodically downloaded, authenticated status data. When a driver’s license is suspended, the issuer may update credential status so verifiers can determine whether it remains valid, depending on the program’s status and revocation model.
Privacy-preserving designs can use techniques such as batched or list-based status mechanisms, where verifiers periodically download authenticated status information and check it locally. This reduces or eliminates per-presentation queries to the issuer, helping limit issuer visibility into when and where specific credentials are used.
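A list-based status check of the kind described above, as an added example that is not taken from any specific program or standard. The bit layout (one bit per credential, most significant bit first, zlib-compressed), the 24-hour freshness limit, and all names such as `example-dmv` are assumptions, and the list is assumed to have been authenticated against the issuer's trusted key when it was downloaded.

```python
import zlib
from dataclasses import dataclass

MAX_AGE_SECONDS = 24 * 3600  # assumed verifier policy for how old a list may be


@dataclass
class StatusList:
    fetched_at: int  # Unix time the list was downloaded and authenticated
    bits: bytes      # decompressed bitstring, one bit per credential index


def publish(size: int, revoked: set[int]) -> bytes:
    """Issuer side (constructed sample): set bit i for every revoked index."""
    raw = bytearray((size + 7) // 8)
    for i in revoked:
        raw[i // 8] |= 0x80 >> (i % 8)
    return zlib.compress(bytes(raw))


def check_status(cache: dict[str, StatusList], issuer: str, index: int, now: int) -> str:
    """Verifier side: decide locally, with no per-presentation call to the issuer."""
    entry = cache.get(issuer)
    if entry is None:
        return "reject: no status list for issuer"
    if now - entry.fetched_at > MAX_AGE_SECONDS:
        return "reject: status list is stale"  # fail closed until refreshed
    if not 0 <= index < len(entry.bits) * 8:
        return "reject: status index out of range"
    if entry.bits[index // 8] & (0x80 >> (index % 8)):
        return "reject: credential revoked or suspended"
    return "accept"


# Constructed sample: 16 credentials, indexes 3 and 9 revoked, fetched at t=1000.
CACHE = {"example-dmv": StatusList(1000, zlib.decompress(publish(16, {3, 9})))}

if __name__ == "__main__":
    for idx, now in [(2, 2000), (3, 2000), (40, 2000), (2, 1000 + MAX_AGE_SECONDS + 1)]:
        print(idx, now, check_status(CACHE, "example-dmv", idx, now))
```

Because every verifier downloads the same list covering many credentials, the issuer learns only that a verifier refreshed its cache, not which credential was presented.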
Publishing and distribution
Trust lists and registries must be distributed securely to verifiers and kept up to date. New issuers may be added to trust frameworks. Public keys may be rotated. Credentials may be revoked. Verifiers need timely access to these updates.
Distribution mechanisms vary by use case. High-security environments might use dedicated secure channels. Consumer applications might retrieve updates over the internet with appropriate authentication. The key requirement is that verifiers always have access to current, authentic trust information.
The infrastructure of trust decisions
Every time a verifier accepts or rejects a credential, they're consulting, explicitly or implicitly, trust lists and registries. These reference points transform abstract trust relationships into concrete verification decisions. They ensure that the governance commitments established by trust frameworks are actually enforced at the moment of verification.



