- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 2 Nov 2018 15:37:10 -0400
- To: public-credentials@w3.org
On 11/2/18 1:01 PM, Anders Rundgren wrote:
> To me this is utter nonsense.
Clearly, we're miscommunicating. Kevin understands the point I'm
making... more below.
On 11/2/18 1:14 PM, Kevin O'Brien wrote:
> For what it's worth, speaking from a developer's point of view, I
> appreciate libraries which make it so I don't have to figure out
> what parameters to be passing, but rather can just rely on it doing
> what needs to be done.
Right, this is the point I'm making wrt. the move to COSE for Key
formats and Signature formats.
For example, here's a JWK:
{
"kty": "EC",
"crv": "P-256",
"x": "MKBCTNIc...Tu6KPAqv7D4",
"y": "4Etl6SRW...bM4IFyM",
"d": "870MB6gf...Vdj3eAE",
"use": "sig",
"kid": "1"
}
... and an equivalent multibase-58 encoded COSE Key:
"multibaseCoseKey": "z6MUnZW9gcmYqt...4PdoH5s1jW"
The point I'm making is that *Web developers* don't need to know
what the x, y, and d parameters are. Cryptography libraries do, but
those libraries can extract the information without having to bother
application developers with those details.
To understand how complex some of these formats can get, check out:
https://github.com/w3c/vc-data-model/issues/237
... it would probably be a really bad idea to expose all of those
cryptographic knobs and buttons to Web developers.
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Friday, 2 November 2018 19:37:35 UTC