Re: DID Spec "Hardening" Proposal (was: Re: DID PR review deadline: October 24)

There's a lot of good stuff in here -- thanks Drummond and Christian!

I added detailed comments to the doc, but a high level observation: many of
the changes related to tightening key definitions (in my mind) are broadly
useful, i.e. beyond the DID spec. Those include:
- clarification of created/updated
- curve key/types reference (Appendix B) -- this made my day, thank you!
- encoding

I am not sure exactly where these belong; perhaps we need some combination
of:
1. update https://web-payments.org/vocabs/security
2. publish appendix B and reference it from places like the security
vocabulary, signature suites, etc

This would separate "Key" data model changes from the DID spec, and spread
the benefits of these suggestions.

Thanks,
Kim


On Tue, Oct 24, 2017 at 9:01 AM =Drummond Reed <drummond.reed@evernym.com>
wrote:

> Folks,
>
> The good news was that there was a TON of interest in the DID spec at Internet
> Identity Workshop <http://www.internetidentityworkshop.com/> #25. I gave
> three complete presentations on it and we had several other related
> sessions.
>
> The bad news (well, not really) is that there was a ton of feedback.
> People are really starting to care deeply about making sure the DID spec,
> as the foundation for a global DPKI (decentralized public key
> infrastructure
> <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf>),
> is solid as a rock.
>
> On the Friday after IIW I had a long breakfast with Christian Lundkvist
> of uPort where we discussed this and developed a proposal for how to handle
> *key descriptions* and *service descriptions* in a data graph so simple it can
> be serialized unambiguously in any modern format. Yesterday I wrote up this
> proposal in this Google doc
> <https://docs.google.com/document/d/1amDNmBqu8uXKeEqdoZ2RMaaxiUlqUKyKoyi8YgGWG6M/edit?usp=sharing>
> (publicly viewable by anyone with the link).
>
> This proposal also includes the recommendation that interoperability at
> the DID layer is so crucial that *every key description* and
> *every service description* should have a corresponding spec (even if fairly
> lightweight).
>
> I have not had a chance to share this with Manu or anyone else yet
> besides Christian (to make sure I got it right) and the Evernym DID team
> (as a sanity check and to get input on how it helps with DKMS support).
>
> We can of course translate this into an actual PR against the current
> draft spec—and we will do that when ready—but it seemed easiest to share it
> in this format first for discussion.
>
> Talk to you tomorrow,
>
> =Drummond
>
>
>
> On Thu, Oct 19, 2017 at 2:59 AM, Timothy Holborn <
> timothy.holborn@gmail.com> wrote:
>
>> Found a relevant IETF RFC[4] re: trust anchors[2]
>>
>> On Thu, 19 Oct 2017 at 18:09 Timothy Holborn <timothy.holborn@gmail.com>
>> wrote:
>>
>>> very quickly.  was looking at the overview[1] and saw the concept "root
>>> of trust <https://en.wikipedia.org/wiki/Trust_anchor>" which hyperlinks
>>> to Trust Anchor[2].  I suggest either defining a new wikipedia page for the
>>> term[3] rather than simply a redirect, or change the term used in the spec
>>> doc.
>>>
>>> more l8r.
>>>
>>> Tim.H.
>>>
>>> [1] https://w3c-ccg.github.io/did-spec/#overview
>>> [2] https://en.wikipedia.org/wiki/Trust_anchor
>>> [3]
>>> https://en.wikipedia.org/w/index.php?title=Root_of_Trust&action=history
>>>
>> [4] https://tools.ietf.org/html/rfc5914
>>
>>>
>>> On Thu, 19 Oct 2017 at 17:49 Timothy Holborn <timothy.holborn@gmail.com>
>>> wrote:
>>>
>>>> On Thu, 19 Oct 2017 at 08:20 Manu Sporny <msporny@digitalbazaar.com>
>>>> wrote:
>>>>
>>>>> On 10/18/2017 01:50 PM, Kim Hamilton Duffy wrote:
>>>>> > Manu -- what are your thoughts?
>>>>>
>>>>> Steven, at this point the only feedback we're looking for is only
>>>>> technical in nature and even then, based on whether the text reflects
>>>>> consensus at Rebooting the Web of Trust 5, which you weren't at.
>>>>>
>>>>
>>>> Is this a RWOT spec?
>>>>
>>>> If so, it should be marked as such.   This CG can then make one
>>>> inspired by it, if/as required.
>>>>
>>>> Therein, the spec should be moved to the RWOT repo?
>>>>
>>>>
>>>>>
>>>>> In other words, the spec isn't ready for your kind of valuable feedback
>>>>> yet... it would largely be a waste of your time to correct the large
>>>>> swaths of the spec text that may be confusing for non-implementers that
>>>>> are buried in the details right now.
>>>>>
>>>>> I expect that we may need your review help in a few months time from
>>>>> now. As always, thanks for offering and we will certainly take you up on
>>>>> it once it becomes a good use of your time.
>>>>>
>>>>
>>>> I'll review and have a look; and am not sure of the specifics, whilst
>>>> noting important principles herein.
>>>>
>>>> IMHO: it's important to be inclusive and the W3 IPR framework is not
>>>> unintentionally misaligned in some way that is against the spirit of this
>>>> structure.
>>>>
>>>> I  guess.  try not to oversimplify imho.  might end-up with unintended
>>>> consequences. (technically speaking).
>>>>
>>>>
>>>>> -- manu
>>>>>
>>>>> best wishes,
>>>>
>>>> tim.
>>>>
>>>>
>>> --
>>>>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>>>>> Founder/CEO - Digital Bazaar, Inc.
>>>>> blog: Rebalancing How the Web is Built
>>>>> http://manu.sporny.org/2016/rebalancing/
>>>>>
>>>>> --
Kim Hamilton Duffy
CTO & Principal Architect Learning Machine
Co-chair W3C Credentials Community Group
400 Main Street Building E19-732, Cambridge, MA 02139

kim@learningmachine.com | kimhd@mit.edu
425-652-0150 | LearningMachine.com

Received on Tuesday, 24 October 2017 14:10:31 UTC