Re: New Work Item Proposal: Revocation List 2020 from Manu Sporny on 2020-05-02 (public-credentials@w3.org from May 2020)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 2 May 2020 16:51:15 -0400
To: Mike Lodder <mike@sovrin.org>, Orie Steele <orie@transmute.industries>, Adrian Gropper <agropper@healthurl.com>
Cc: Daniel Hardman <daniel.hardman@evernym.com>, Credentials Community Group <public-credentials@w3.org>, Michael Chen <shihjay2@gmail.com>, Karan Verma <karnverma@alumni.stanford.edu>
Message-ID: <1cde413a-a44a-ce98-205d-79751e058e2e@digitalbazaar.com>

On 5/2/20 11:53 AM, Mike Lodder wrote:
> To answer your question Orie, we absolutely can do Jon revocation 
> with BBS+ in ZKP fashion.

Yes, accumulator-based mechanisms are neat and have a high potential to
be useful. That's where we started too.

BBS+ originated around 2006, formalized in 2008 (if memory serves),
seems to have survived academic peer review... and has yet to make it
through any IETF Crypto Forum Research Group gauntlet or federal
information security standard (that I know of).

For example, FIPS 186-5 doesn't mention it (nor do many of the other
NIST publications).

My point being that BBS+ Signatures are crypto that has yet to go
through any of those processes, which can take 5-10 years from the
moment you decide to take the task on (which costs millions of dollars).

That's not to say that it shouldn't be attempted. As I mentioned in the
previous thread, Digital Bazaar is very supportive of getting this BBS+
Signature stuff moving. Getting it deployed into a production
government, healthcare, or high security system is a whole other matter.

I want folks to keep that in mind when comparing RevocationList2020
(which can be deployed into production very soon now -- because it uses
known and approved crypto and processes) and this
BBSRevocationAccumulator202X proposal (which may take up to a decade,
because it uses relatively new and "unproven" crypto).

That said, we started standardizing JSON-LD over a decade ago for this
very reason, this stuff takes time. So, it looks like we want to do
this, so let's do this... but be aware of the time lines and that we
have companies that need to ship product today.

The conversation jumped at some point to where we're not making an
apples to apples comparison. One of the apples you can eat today, the
other one you'll have to wait 5+ years for.

It's possible I missed an IETF RFC or NIST (or equivalent) publication
that makes BBS+ Signatures something we can use immediately... and I
hope I did, because that'd be great.

What's the status and timeline of BBS+ Signatures on the IETF CFRG
standards track or adoption by NIST?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Saturday, 2 May 2020 20:51:35 UTC