W3C home > Mailing lists > Public > public-credentials@w3.org > June 2020

Re: json-ld signatures with Ed25519VerificationKey2018

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 3 Jun 2020 11:05:50 -0400
To: public-credentials@w3.org
Message-ID: <a5791440-091f-86ce-b52f-ed6ddf6af779@digitalbazaar.com>
On 6/3/20 10:10 AM, Dave Longley wrote:
> An effort was made with the Ed25519Signature2018 and RsaSignature2018
> signature suites to get more alignment with JWS -- and expressing the
> signature value as a JWS in this manner is the outcome of that.

I'll also note that this attempt to bring the two communities together
has, IMHO, utterly failed. It just resulted in unnecessary complexity,
which you're being exposed to (and that's not a good thing).

Now that Transmute is dedicated to producing a Linked Data Security
suite for JWS, and there seems to be momentum building around that
initiative, the Ed25519Signature2020 will probably drop all support for
JOSE/JWS and use "proofValue" instead of "jws" moving forward. Doing so
will lead to a reduced security attack surface and more easily auditable
code for Ed25519Signature2020 because implementers we won't have to pull
in loads of JOSE code (e.g., all of secp256r1, all of secp256k1, all of
RSA, and all of Ed25519).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Wednesday, 3 June 2020 15:06:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 3 June 2020 15:06:04 UTC