...
The did:web
method specification has started to get signifiant adoption, but it is still fundamentally flawed from a security standpoint by its reliance on DNS trust infrastructure, which is susceptibility susceptible to hijacking attacks (among other issues). In addition, the did:web method adds further vulnerabilities due to the reliance of storing a DID document (that is entirely authoritative for the associated cryptographic keys) on a Web server.
Just as Web infrastructure made the progression from the insecure http: to the secure https: protocoprotocol, the goal of the did:webs
method is to specify a secure version of did:web.
...