On 24/08/2021 14:16, Michael Herman (Trusted Digital Web) wrote:

[last attempt 😊]

What I’m looking for is a set of existing specs that we can use as a model for how to structure our VC specification documents (which are not a single spec doc but rather a family of recommendations and notes).

I am not aware that such a description exists. Our company has a set of Installation Guides for our products (and I am sure so do many other companies), but not instructions of how to build a vc-eco system from a set of standards. Currently it is an art rather than a scientific method.

If you find such a description please let me know

Kind regards







From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: August 24, 2021 3:10 AM
To: Leonard Rosenthol <lrosenth@adobe.com>; public-credentials@w3.org
Subject: Re: What are VCs similar to?


On 23/08/2021 22:35, Leonard Rosenthol wrote:

David –interesting point, but I still have to disagree.    First let me say that to me, the term X.509 certificate means *BOTH* the private and public key pair as that is what is issued by a CA.


> Actually it is not possible to sign anything with an X.509 PKC

Assuming PKC means public key certificate, that is also not true.  You can most certainly sign information using a public key – but it can only be verified by the holder of the private key.

This is not conventionally known as signing, but rather as encrypting or confidentially protecting.

It is however true that with asymmetric algorithms both the public and private keys can be used for encryption. But normally we do not call encryption 'signing'


  Though that model is more useful in the context of certificate-based encryption (where you encrypt with the public key)…




From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Date: Monday, August 23, 2021 at 3:56 PM
To: public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: What are VCs similar to?

On 23/08/2021 14:28, Leonard Rosenthol wrote:

I would argue that a VC is *NOTHING* like an X.509 cert….

I beg to differ. At the conceptual level they are very similar. Its a blob of data about a subject, their public key and any other data the issuer wants to put there, signed by the issuer.


  It is, instead, some piece of data *signed by* an X.509 cert. 

Actually it is not possible to sign anything with an X.509 PKC. You can only verify an already signed document with an X.509 PKC

Kind regards



Consider that you can’t sign things with a VC and you can’t attach other data in a tamper-evident way, to a cert.   If anything, a VC is more like a CAdES or XAdES-encoded blob of data.




From: Henry Story <henry.story@gmail.com>
Date: Monday, August 23, 2021 at 7:03 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Cc: public-credentials (public-credentials@w3.org) <public-credentials@w3.org>
Subject: Re: What are VCs similar to?

> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> wrote:
> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
> - DNS?
> - TCP packets?
> - SOAP messages?
> - something else?

X509 Certificates (with 40 years of tech improvements added to them).

A Verifiable Claim is just a signed content, and the big leap of VC stack is that
it is built on well defined, open, extensible logics.


> Michael Herman
> Get Outlook for Android