W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 14 Jun 2016 10:59:35 -0400
Message-ID: <57601BD7.9080208@digitalbazaar.com>
To: public-credentials@w3.org
On 06/14/2016 10:34 AM, David Chadwick wrote:
> And if I do not want to register a subject ID, can I simply use my 
> public key as my subject ID and submit the same string twice?

In theory, yes.

In practice, no one has built out that kind of system because it doesn't
address many of the use cases we have. Some see it as an evolutionary
dead end - it's great for pseudo-anonymity, but doesn't address the vast
majority of multi-origin use cases we have.

What would need to be done to achieve what you are saying is:

1. A terse public key identifier/fingerprint format
2. A digital signature suite that uses the public key fingerprint
   as the creator of the signature.
3. A protocol that uses #1 and #2 above.

#1 and #2 are not difficult. #3 is a lot of work, but is do-able.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Web Browser API Incubation Anti-Pattern
http://manu.sporny.org/2016/browser-api-incubation-antipattern/
Received on Tuesday, 14 June 2016 15:00:00 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC