W3C home > Mailing lists > Public > public-credentials@w3.org > November 2018

Re: JSON-LD vs JWT for VC

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 2 Nov 2018 12:42:26 -0400
To: public-credentials@w3.org
Message-ID: <3f9ab6b5-f89d-3264-ebee-c6a6b7a1ea14@digitalbazaar.com>
On 11/2/18 12:10 PM, Mike Lodder wrote:
> The point that Chris is making I agree with. If you can alter the 
> data after a signature has been computed in anyway...

Can you complete that sentence?

"If you can alter the data after the signature has been computed..." AND
then what happens?

Anyone can alter the data after the signature has been computed, but
what's the attack? What if the only difference is the addition of a
single white space that is not semantically meaningful? Is that the
attack? If so, how is it an attack? Are we talking about a) changing the
message in a semantically meaningful way, or b) in any way?

... and if you don't allow "any changes", then how do you tell whether
or not two messages are semantically the same or not?

-- manu

PS: To be clear, these are questions that various communities at W3C and
the broader mathematics communities have been researching for 20+ years
-- and there are best practices around them as well. Some of us know
what the answers to the questions I'm asking above are and I'm just
trying to find out where there is a deviation in your thought process
from ours, if any.

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Friday, 2 November 2018 16:42:56 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:50 UTC