Re: Use of cryptography with W3C VCs and DIDs released

On 4/21/22 6:27 PM, Christopher Allen wrote:
> Though I appreciate the hard work that went into this document (including
> some support from our community) I ended up having a strong visceral
> reaction to it as I feel its recommendations are largely bad long-term
> decisions. If you want to do business with the US Government and its allies
> (aka LESS "Legally Enabled Self-Sovereign" Identity), you will have to use
> them.

Let me try and share some of my personal perspective, which as you know, is
informed by direct engagement with US Department of Homeland Security and
indirectly, NIST. I personally spend a non-trivial amount of time speaking
with various individuals from governments about what their governments are and
are not willing to support when it comes to cryptographic systems.

I'll also point out that David Balenson, who is one of the people that put
that paper together, used to work for NIST and has a long and impressive
career[1] in the cyber security realm. Nick Genise (the other author) has a
background[2] in post-quantum crypto (lattice algorithms). All that to say --
they're not slouches when it comes to understanding the USG perspective nor
understanding modern cryptosystems. :)

Let me also underscore, again, that these are just my personal feelings and
thoughts on the matter.

On one hand, yes, I share your frustration that we're not able to use more
modern cryptosystems when operating within US government systems that are
subject to NIST requirements.

On the other hand, those multiple levels of review (and excruciatingly slow
pace) are there for a reason -- to stop a variety of the catastrophic
technical failures we've seen happen over the past several decades when it
comes to cryptosystems (both new and old). Accomplishing what you're
requesting, within those boundaries, is a herculean, iterative, multi-decade
task... and it basically boils down to this:

1. Create a new cryptosystem (1-5 years).

2. Get it standardized at some recognized body for
   standardizing cryptosystems (like the IETF Crypto Forum
   Research Group, SECG, etc.) (2-3 years).

3. Get NIST to recognize the standard as worthy to be
   included in a FIPS publication (5-10 years).

4. Ensure that there is a FIPS 140 process to validate
   your cryptographic module (2-5 years).

If you don't achieve those 4 things, you have very little hope of getting
broad deployment of your cryptosystem within non-military USG systems. #1 is
the easiest step, #2 is harder, #3 is where things start getting really hard
and taking up to a decade, and #4 takes significant effort as well. There are
shortcuts via special waivers, but those are exceedingly difficult to get
unless you're one of the multi-billion dollar multinationals with droves of
cryptographers and mathematicians at your disposal (e.g., IBM, Microsoft,
Apple, Google) -- and even then, you're in for an uphill slog.

Much of what you allude to in your writings has barely made it past step
#2... and I don't see it getting past step #3 for another 5-10 years... and
it really pains me to say that.

However, there is hope -- remember that NIST is largely enforced when you
need to do cryptography WITHIN a government context. That is, inside the
"government security boundary". There are other sectors that tend to move much
faster, and lead by many years. The following sectors tend to be early
adopters of cutting edge crypto -- retail, education, smaller corporations,
open source programs, etc.

For example, OpenSSL supported Ed25519 a mere six months after the IETF 8032
RFC was published. NIST just recently published a draft adopting Ed25519. I
expect it'll be another 2-4 years until there is a certified Ed25519
FIPS-140-3 module. So, that's a decade for a fairly "boring", well understood
cryptography scheme to go from first IETF RFC to usable in US Government...
but use in the commercial sector only took 2 years.

For those of you that want faster adoption paths for new crypto, convincing
NIST to change their process is probably going to be as effective as trying to
push an ox up a hill (the ox is going to move at whatever pace it wants to).

In the next email, I'll try to map the areas that Christopher has identified
and what we've tried to do in the DID and VC work to enable folks to run ahead
and work with faster industries while NIST moves at a different pace to adopt
DIDs and VCs, but on terms that make sense to large governments. NIST is
important, because many other nation states (but not all) base their
recommendations on top of the NIST recommendations.

-- manu

[1] https://www.linkedin.com/in/balenson/details/experience/
[2] https://ngenise.github.io/site/

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Sunday, 24 April 2022 22:34:52 UTC