Solid Standardization of Basic Signature Technology for Verifiable Credentials (was: AW: VC-JWT perma-thread (was: Re: RDF Dataset Canonicalization - Formal Proof)) from detlef.huehnlein@ecsec.de on 2021-03-29 (public-credentials@w3.org from March 2021)

From: <detlef.huehnlein@ecsec.de>
Date: Mon, 29 Mar 2021 08:05:44 +0200
To: <d.w.chadwick@kent.ac.uk>, "'Manu Sporny'" <msporny@digitalbazaar.com>
Cc: <public-credentials@w3.org>
Message-ID: <012501d72461$8e6d3bb0$ab47b310$@ecsec.de>

Dear Manu, dear David,

 

>I hesitate to re-ignite this old flame war again.

 

I am sure that I completely missed a lot of interesting discussions which 

finally lead to https://www.w3.org/TR/vc-imp-guide/#proof-formats and

hence there is a risk that I may misunderstand what is written there. 

 

However when I look at PF3a <https://www.w3.org/TR/vc-imp-guide/#pf3a>  and PF16b <https://www.w3.org/TR/vc-imp-guide/#pf16b>  and especially the fact that the two references

[LD-PROOFS] and [LD-SIGNATURES] in https://www.w3.org/TR/vc-data-model/ 

both lead to https://w3c-ccg.github.io/ld-proofs/, which has obviously room

for improvement, it seems to be clear to me that we have an issue here, 

which is likely to seriously harm or even prevent interoperability for 

verifiable credentials. 

 

What are our plans to solve these obvious (and IMHO urgent) problems?

 

Best Regards

      Detlef

 

 

-----Ursprüngliche Nachricht-----

Von: Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com> > 

Gesendet: Samstag, 27. März 2021 16:26

An: public-credentials@w3.org <mailto:public-credentials@w3.org> 

Betreff: VC-JWT perma-thread (was: Re: RDF Dataset Canonicalization - Formal Proof)

 

On 3/27/21 11:12 AM, David Chadwick wrote:

> as you know, implementers can use JWT proofs for VCs, and then 

> canonicalisation is not needed.

 

I hesitate to re-ignite this old flame war again. I'll point to the analysis that was done by both the pro-JWT and pro-LDS camps here:

 

 <https://www.w3.org/TR/vc-imp-guide/#proof-formats> https://www.w3.org/TR/vc-imp-guide/#proof-formats

 

> This is a major benefit of using JWS/JWT, as canonicalisation has been 

> fraught with difficulties (as anybody who has worked with XML 

> signatures will know, and discussions in the IETF PKIX group have highlighted).

 

Anyone who believes that RDF Dataset Canonicalization is the same problem as XML Canonicalization does not understand the problem space. These are two very different problem spaces with very different solutions.

 

-- manu

 

--

Manu Sporny -  <https://www.linkedin.com/in/manusporny/> https://www.linkedin.com/in/manusporny/

Founder/CEO - Digital Bazaar, Inc.

blog: Veres One Decentralized Identifier Blockchain Launches  <https://tinyurl.com/veres-one-launches> https://tinyurl.com/veres-one-launches

Received on Monday, 29 March 2021 06:05:58 UTC