
Re: New Work Item Proposal: Revocation List 2020

From: Mike Lodder <mike@sovrin.org>
Date: Fri, 5 Jun 2020 12:13:06 -0600
Message-ID: <CAPhnkk7PWgHwjX9UmODBrx779Ezez6JUFJpkB4Jw6TDiF0FBDA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

In looking at ISO/IEC 20008 and ISO 20009 which are used in government
agencies, BBS+ is an approved algorithm due to its use in EPID. Both were
formalized years ago.
This just goes to show that BBS+ is already being used by gov't and may not
be as big of a blocker as supposed.
EPID is already deployed in many Intel chips and is approved in the TPM 2.0.
Hope that helps with adoption barriers.

On Sat, May 16, 2020 at 9:50 AM Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 5/13/20 12:53 PM, Nikos Fotiou wrote:
> > Each CA maintains a different revocation bitvector per date. Each
> > certificate belongs to the bitvector that corresponds to the
> > certificate's expiration date. So suppose that a CA has generated 1K
> > certificates that expire the same date, a client that wishes to
> > verify the status of one of them will download in the worst case 1K
> > bits.
> Yes, I understood that... and that is useful... but it's not new nor is
> it novel. There is prior art going back multiple decades covering
> exactly what the paper you linked to is covering. I expect that no one
> did a prior art search on the paper and it slipped through the academic
> rigour firewall as a result. It happens.
> I hesitate to post this to the mailing list, but will do so with the
> following disclaimer.
> There was a flurry of patents filed on this concept in the late 1990s
> and early 2000s... all of them abandoned, because, well, the concept was
> unpatentable. If you do a patent search, which you absolutely should not
> do if you work for a corporation in the US (your legal counsel should do
> it for you), you will find that there is a graveyard of abandoned patent
> applications related to peer to peer networks and CRL bitvectors.
> The paper you pointed to is a great idea... documenting a concept
> discovered 20-30 years prior to the publication of the paper. :)
> Even further, 20-30 years is being generous... here's the operating
> manual for the ENIAC, the first electronic general-purpose digital
> computer (circa 1945):
> http://www.bitsavers.org/pdf/univOfPennsylvania/eniac/ENIAC_Operating_Manual_Jun46.pdf
> Documentation for testing the accumulators is on page 7. There are
> punch card programs going back to the same years where the accumulators
> were used to express mathematical membership in a set, where the bit was
> active (1) if the item was in the set and inactive (0) when the item
> wasn't in the set.
> Same concept as the Revocation List 2020... from 65 years in the past.
> What was old is new again. :)
> -- manu
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches

Mike Lodder
Security Maven
Received on Friday, 5 June 2020 18:13:30 UTC
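
The per-expiration-date revocation bitvector described in the quoted message from Nikos Fotiou, as an added example that is not part of the original thread or of the Revocation List 2020 proposal. The class and function names, the MSB-first bit packing, and the sample dates are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date


class RevocationAuthority:
    """Issuer side: one revocation bitvector per certificate expiration date."""

    def __init__(self):
        self._count = defaultdict(int)        # expiry date -> certificates issued
        self._bits = defaultdict(bytearray)   # expiry date -> packed status bits

    def issue(self, expires: date) -> tuple[date, int]:
        """Assign the next free bit position in the vector for this expiry date."""
        index = self._count[expires]
        self._count[expires] += 1
        if index // 8 >= len(self._bits[expires]):
            self._bits[expires].append(0)     # grow one byte at a time
        return expires, index

    def revoke(self, cert: tuple[date, int]) -> None:
        expires, index = cert
        if index >= self._count[expires]:
            raise IndexError("no such certificate for this expiry date")
        self._bits[expires][index // 8] |= 0x80 >> (index % 8)

    def publish(self, expires: date) -> tuple[int, bytes]:
        """What a verifier downloads: bit count plus the packed vector."""
        return self._count[expires], bytes(self._bits[expires])


def is_revoked(published: tuple[int, bytes], index: int) -> bool:
    """Verifier side: test a single bit; reject positions outside the vector."""
    count, bits = published
    if not 0 <= index < count:
        raise IndexError("status index outside published bitvector")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))


def demo() -> dict:
    ca = RevocationAuthority()
    day = date(2021, 6, 5)                    # constructed sample expiry date
    certs = [ca.issue(day) for _ in range(1000)]
    other = ca.issue(date(2021, 6, 6))        # lands in a different vector
    ca.revoke(certs[417])
    listing = ca.publish(day)
    return {
        "download_bytes": len(listing[1]),    # 1000 bits packed into 125 bytes
        "revoked_417": is_revoked(listing, 417),
        "revoked_418": is_revoked(listing, 418),
        "other_index": other[1],
    }
```

The verifier rejects an index outside the published vector rather than treating it as "not revoked", so a malformed status reference cannot pass as valid.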
