- From: Mike Prorock <mprorock@mesur.io>
- Date: Mon, 31 Jan 2022 23:20:37 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAGJKSNS32_C1CLzgKka466acN3_CUk_aXVV8QGuPdD2FcEYkTA@mail.gmail.com>
++1 to Joe as noted by Manu. The underlying semantic meaning is a pretty key thing here Mike Prorock mesur.io On Mon, Jan 31, 2022, 22:20 Manu Sporny <msporny@digitalbazaar.com> wrote: > On 1/31/22 9:48 PM, Joe Andrieu wrote: > > > > More than that is a foot-gun machine and should be treated with great > > care. I appreciate Christopher's list of multi-sig capabilities, but > > without clear semantics, the crypto, IMO, is just as likely to give a > > false sense of rigor when the actual intention of the signer is a > > mismatch with the expectation of the verifier, but, "Hey! the math > > verifies, so it must be good, right?" > > > > It doesn't matter if the math is valid if the meaning is > > misinterpreted. > > > > All of this is an argument in support of a work item that helps > > standardize these kinds of semantics, especially if simplicity is a > > core goal. > > Huge +1 to this. One of the dangers in this multi-signatures area is > misinterpretation of what the signatures really mean. > > There are many possibilities here that are neat cryptographic tricks > that are in search of a use case. As Joe states, we need to be very > careful that the interpretation of these multiple signatures are not > interpreted to mean something the signers never intended. > > -- manu > > -- > Manu Sporny > Founder/CEO - Digital Bazaar, Inc. > Our Verifiable Credential Deployments > https://www.digitalbazaar.com/case-studies > >
Received on Tuesday, 1 February 2022 04:21:58 UTC