- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 31 Jan 2022 22:20:14 -0500
- To: public-credentials@w3.org

On 1/31/22 9:48 PM, Joe Andrieu wrote:
>
> More than that is a foot-gun machine and should be treated with great
> care. I appreciate Christopher's list of multi-sig capabilities, but
> without clear semantics, the crypto, IMO, is just as likely to give a
> false sense of rigor when the actual intention of the signer is a
> mismatch with the expectation of the verifier, but, "Hey! the math
> verifies, so it must be good, right?"
>
> It doesn't matter if the math is valid if the meaning is
> misinterpreted.
>
> All of this is an argument in support of a work item that helps
> standardize these kinds of semantics, especially if simplicity is a
> core goal.

Huge +1 to this. One of the dangers in this multi-signatures area is
misinterpretation of what the signatures really mean. There are many
possibilities here that are neat cryptographic tricks that are in search of a
use case. As Joe states, we need to be very careful that these multiple
signatures are not interpreted to mean something the signers never intended.

-- manu

--
Manu Sporny
Founder/CEO - Digital Bazaar, Inc.
Our Verifiable Credential Deployments
https://www.digitalbazaar.com/case-studies

Received on Tuesday, 1 February 2022 03:20:30 UTC