Re: What are VCs similar to? from Leonard Rosenthol on 2021-08-23 (public-credentials@w3.org from August 2021)

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Mon, 23 Aug 2021 13:28:16 +0000
To: Henry Story <henry.story@gmail.com>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
CC: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
Message-ID: <MN2PR02MB699242741FC8F6B3163D5E2DCDC49@MN2PR02MB6992.namprd02.prod.outlook.com>

I would argue that a VC is *NOTHING* like an X.509 cert….  It is, instead, some piece of data *signed by* an X.509 cert.

Consider that you can’t sign things with a VC and you can’t attach other data in a tamper-evident way, to a cert.   If anything, a VC is more like a CAdES or XAdES-encoded blob of data.

Leonard

From: Henry Story <henry.story@gmail.com>
Date: Monday, August 23, 2021 at 7:03 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Cc: public-credentials (public-credentials@w3.org) <public-credentials@w3.org>
Subject: Re: What are VCs similar to?

> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> wrote:
>
> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
> - DNS?
> - TCP packets?
> - SOAP messages?
> - something else?

X509 Certificates (with 40 years of tech improvements added to them).

A Verifiable Claim is just a signed content, and the big leap of VC stack is that
it is built on well defined, open, extensible logics.

Henry

>
> Michael Herman
>
> Get Outlook for Android

Received on Monday, 23 August 2021 13:28:34 UTC