RE: What are VCs similar to?

[last attempt 😊]
What I’m looking for is a set of existing specs that we can use as a model for how to structure our VC specification documents (which are not a single spec doc but rather a family of recommendations and notes).



From: David Chadwick <>
Sent: August 24, 2021 3:10 AM
To: Leonard Rosenthol <>;
Subject: Re: What are VCs similar to?

On 23/08/2021 22:35, Leonard Rosenthol wrote:
David –interesting point, but I still have to disagree.    First let me say that to me, the term X.509 certificate means *BOTH* the private and public key pair as that is what is issued by a CA.

> Actually it is not possible to sign anything with an X.509 PKC
Assuming PKC means public key certificate, that is also not true.  You can most certainly sign information using a public key – but it can only be verified by the holder of the private key.

This is not conventionally known as signing, but rather as encrypting or confidentially protecting.

It is however true that with asymmetric algorithms both the public and private keys can be used for encryption. But normally we do not call encryption 'signing'

  Though that model is more useful in the context of certificate-based encryption (where you encrypt with the public key)…


From: David Chadwick <><>
Date: Monday, August 23, 2021 at 3:56 PM
To:<> <><>
Subject: Re: What are VCs similar to?
On 23/08/2021 14:28, Leonard Rosenthol wrote:
I would argue that a VC is *NOTHING* like an X.509 cert….

I beg to differ. At the conceptual level they are very similar. Its a blob of data about a subject, their public key and any other data the issuer wants to put there, signed by the issuer.

  It is, instead, some piece of data *signed by* an X.509 cert.

Actually it is not possible to sign anything with an X.509 PKC. You can only verify an already signed document with an X.509 PKC

Kind regards


Consider that you can’t sign things with a VC and you can’t attach other data in a tamper-evident way, to a cert.   If anything, a VC is more like a CAdES or XAdES-encoded blob of data.


From: Henry Story <><>
Date: Monday, August 23, 2021 at 7:03 AM
To: Michael Herman (Trusted Digital Web) <><>
Cc: public-credentials (<>) <><>
Subject: Re: What are VCs similar to?

> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <><> wrote:
> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
> - DNS?
> - TCP packets?
> - SOAP messages?
> - something else?

X509 Certificates (with 40 years of tech improvements added to them).

A Verifiable Claim is just a signed content, and the big leap of VC stack is that
it is built on well defined, open, extensible logics.


> Michael Herman
> Get Outlook for Android

Received on Tuesday, 24 August 2021 13:16:47 UTC