W3C home > Mailing lists > Public > public-credentials@w3.org > August 2021

Re: What are VCs similar to?

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Mon, 23 Aug 2021 21:35:26 +0000
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>, "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <MN2PR02MB69929C9C1E8D909A6314E15FCDC49@MN2PR02MB6992.namprd02.prod.outlook.com>
David –interesting point, but I still have to disagree.    First let me say that to me, the term X.509 certificate means *BOTH* the private and public key pair as that is what is issued by a CA.

> Actually it is not possible to sign anything with an X.509 PKC
Assuming PKC means public key certificate, that is also not true.  You can most certainly sign information using a public key – but it can only be verified by the holder of the private key.   Though that model is more useful in the context of certificate-based encryption (where you encrypt with the public key)…


From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Date: Monday, August 23, 2021 at 3:56 PM
To: public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: What are VCs similar to?
On 23/08/2021 14:28, Leonard Rosenthol wrote:
I would argue that a VC is *NOTHING* like an X.509 cert….

I beg to differ. At the conceptual level they are very similar. Its a blob of data about a subject, their public key and any other data the issuer wants to put there, signed by the issuer.

  It is, instead, some piece of data *signed by* an X.509 cert.

Actually it is not possible to sign anything with an X.509 PKC. You can only verify an already signed document with an X.509 PKC

Kind regards


Consider that you can’t sign things with a VC and you can’t attach other data in a tamper-evident way, to a cert.   If anything, a VC is more like a CAdES or XAdES-encoded blob of data.


From: Henry Story <henry.story@gmail.com><mailto:henry.story@gmail.com>
Date: Monday, August 23, 2021 at 7:03 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net><mailto:mwherman@parallelspace.net>
Cc: public-credentials (public-credentials@w3.org<mailto:public-credentials@w3.org>) <public-credentials@w3.org><mailto:public-credentials@w3.org>
Subject: Re: What are VCs similar to?

> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net><mailto:mwherman@parallelspace.net> wrote:
> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
> - DNS?
> - TCP packets?
> - SOAP messages?
> - something else?

X509 Certificates (with 40 years of tech improvements added to them).

A Verifiable Claim is just a signed content, and the big leap of VC stack is that
it is built on well defined, open, extensible logics.


> Michael Herman
> Get Outlook for Android
Received on Monday, 23 August 2021 21:35:42 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 August 2021 21:35:44 UTC