W3C home > Mailing lists > Public > public-credentials@w3.org > September 2021

Re: Mozilla Formally Objects to DID Core

From: Juan Caballero <juan.caballero@spruceid.com>
Date: Thu, 2 Sep 2021 16:59:52 +0200
To: Steve Capell <steve.capell@gmail.com>, Christopher Allen <ChristopherA@lifewithalacrity.com>, Joe Andrieu <joe@legreq.com>
Cc: Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <8876db64-6bfb-a803-fcd0-de1155b5daaa@spruceid.com>
If only there were some kind of "rubric" document for navigating the 
market, or better yet, a podcast offering deep-dives into the decisions 
issues and goals of major methods... ;)

On 9/2/2021 6:25 AM, Steve Capell wrote:
> We’ll that’s true too
>
> A confusion of methods is tricky for the un-initiated.  But do we 
> prefer to let the powerful dictate a few or let the market decide 
> which of the many survive.  I can certainly sympathise with the “be 
> open and let the market decide” approach
>
> But with that probably comes some obligation to help users navigate 
> the market.  Which method is supported by who? What problem does it 
> focus on solving? Which methods are seeing the greatest uptake ?
>
> I do find it a bit hard to figure out
>
> Steven Capell
> Mob: 0410 437854
>
>> On 2 Sep 2021, at 1:22 pm, Christopher Allen 
>> <ChristopherA@lifewithalacrity.com> wrote:
>>
>> 
>> On Wed, Sep 1, 2021 at 7:17 PM Steve Capell <steve.capell@gmail.com 
>> <mailto:steve.capell@gmail.com>> wrote:
>>
>>     Can’t help but sympathise with the concern around the cacophony
>>     of DID methods
>>
>>
>> All I can say is the many examples of the success of architectures 
>> leveraging multiple methods based on history history. In my case, 
>> Microsoft would have blocked TLS if we (the TLS editors) didn't 
>> support their Kerberos cypher suite, (a "method"). Which of course, 
>> no one used, and I later heard from one of the engineers was known to 
>> be more market positional than any technical reality.
>>
>> But Microsoft would have bounced TLS and used their only embrace & 
>> extend (effectively SSL 2.1) fork if we didn't accept Kerberos. There 
>> were also many more ciphersuites that were never used except in POCs. 
>> I argued in TLS 1.3 that we should deprecate more of them by putting 
>> expiration dates on them, and I also requested that we learn from 
>> that lesson and do the same with DIDs, but there wasn't consensus for 
>> this.
>>
>> My opinion is most DID methods will evolve or disappear as the market 
>> matures. IMHO this is the whole reason why we elected to use methods 
>> in the DID architecture in the first place. It also allows for 
>> innovation while discouraging blocking.
>>
>> -- Christopher Allen
>>
Received on Thursday, 2 September 2021 15:00:09 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 September 2021 15:00:10 UTC