Credential Verification after DID Controller Update

[simibac]

Lets's say an issuer creates a VC for Alice. The issuer DID on this credential is did:example:1234 and is controlled by did:ethr:addr1 where addr1 is a Ethereum address. When Alice presents this VC to a verifier, the verifier can resolve the did:example:1234and its controller and checks whether it was signed by addr1. All good so far.

At some point the issuer updates the DID document and the DID controller is now did:ethr:addr2. Now the verifier is no longer able to validate the signature of the VC. Does that mean an update to the DID document of did:example:1234 may lead to an invalidation of all VC that are previously issued by the did:example:1234?

[mirceanis]

Yes, generally this is the expected behaviour when any verificationMethods are removed from a DID document.
If a verification method is no longer listed in the DID document, then all signatures corresponding to that method are considered invalid.
The same reasoning applies to controller DIDs.
From a spec perspective, all verification methods listed by the controller DID document should be considered equivalent to the ones in the issuer DID document. So, a controller change would be equivalent to a revocation of all those verificationMethods.
In practice, this is not always the case. Actually, I'm not aware of any verifier implementation that uses controller verification methods (of course, my knowledge of the current state of the ecosystem is quite limited). Perhaps @awoie or @rado0x54 can shed more light here.