Re: Single Use Key Pairs: Disposable Private Keys? from Bob Wyman on 2021-12-13 (public-credentials@w3.org from December 2021)

From: Bob Wyman <bob@wyman.us>
Date: Mon, 13 Dec 2021 11:41:39 -0500
To: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
Cc: "sam@prosapien.com" <sam@prosapien.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
Message-ID: <CAA1s49VxyFMoLkUFAN9NvAzWL0x3QN4sG1gL4zxnfc7cqfarhQ@mail.gmail.com>

I think I'm missing something in the scenario you describe. If the private
key has been discarded, how can a signature generated with that private key
serve as anything more than a checksum? If a checksum is all you need, why
not just provide a checksum? Why bother with the signature?

bob wyman

On Sat, Dec 11, 2021 at 11:50 PM Michael Herman (Trusted Digital Web) <
mwherman@parallelspace.net> wrote:

> If an NFT (for a photo, a calf, or a kiss, etc.) or a unique one-of-a-kind
> business document (a specific purchase order, invoice, waybill, delivery
> confirmation, etc.) is represented as a (signed) verifiable credential,
> once the proof is generated for the VC, is it necessary to persist the
> private key used to sign the VC?
> ...can't the private key be thrown away if it is no longer needed to sign
> anything further?
> ...that is, only the public key needs to be persisted and keyed to the
> VC's outer id and stored in the corresponding DID document?
> ... inspired by the early part of Sam's KERI ssimeetup talk.
>
> Michael Herman
> Founder
> Trusted Digital Web
> Get Outlook for Android <https://aka.ms/AAb9ysg>
>

Received on Monday, 13 December 2021 16:43:03 UTC