RE: DID Web, OpenSSL and Certificate Authorities

In case you find it useful, we have used DANE in the past to store the hash of the public key of an issuer (https://datatracker.ietf.org/doc/html/rfc6698#section-2). You can even store a certificate. We used DNSSEC, so CAs were not needed. There is a also a draft for doing “PKI-Authenticated Certificate Discovery” using DANE https://datatracker.ietf.org/doc/draft-wilson-dane-pkix-cd/

 

Best,

Nikos

 

From: David Chadwick <d.w.chadwick@verifiablecredentials.info> 
Sent: Thursday, February 17, 2022 7:48 PM
To: Orie Steele <orie@transmute.industries>
Cc: W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Re: DID Web, OpenSSL and Certificate Authorities

 

On 17/02/2022 17:34, Orie Steele wrote:

interesting...

> https://<DV DN>/.well-known/vc-issuer.json

This is not standard AFAIK... but would be assuming IANA accepts your recommendation, and VCDM 2.0 helps pour concrete around it.

I have not asked IANA yet. It would be better if the CCG or VCWG made the request rather than an individual, although I am happy to do the work if authorised (as I did for the vc and vp claims).

Kind regards

David


> The JWT open source library we use, uses X.509 PKCs to validate JWT VC signatures.

I have seen some evidence of support for this:

- https://gist.github.com/monmohan/d08d41c856a54d7e7619f8fba8afdf44
- https://gist.github.com/jasonk000/26f987681b56fe34c235248c980b5c2e

But it has not been clear how "standard" built-in support is.

The approach I took aligns with the links above, but again, the ca chain verification is NOT handled consistently across implementations of JOSE as far as I can tell.

Thanks for your replies again.

OS

ᐧ

 

On Thu, Feb 17, 2022 at 11:29 AM David Chadwick <d.w.chadwick@verifiablecredentials.info <mailto:d.w.chadwick@verifiablecredentials.info> > wrote:

On 17/02/2022 16:55, Orie Steele wrote:

@David Chadwick <mailto:d.w.chadwick@verifiablecredentials.info> 

AFAIK, JOSE does not support "DV X.509 PKCs" out of the box.

So recommending removing DIDs does not actually do anything to address the question... the problem remains::

How do I verify that a JWT was signed by a key in a CA chain (regardless of how you discover that key, in other words, with or without DIDs).

We use an issuer URI of https://<DV DN>

The cert with this DN should be in the CA chain.

For PKC discovery, we publish the issuer's metadata at a well-known URL. We will ask IANA to register the well-known name, such as “vc-issuer.json”. Verifiers will append this to the URL contained in the issuer property of the issued VCs e.g. https://<DV DN>/.well-known/vc-issuer.json to obtain all the meta-data about the issuer including the DV PKC or a complete CA chain from a trusted root CA.





Perhaps you care to provide a complete working example of "DV X.509 PKCs" with JWT?

this is the Identiproof implementation (https://identiproof.io)




Obviously this is trivial if I am just sticking to openssl commands, the point of the question was to explain how to do this with JOSE / JWT.

The JWT open source library we use, uses X.509 PKCs to validate JWT VC signatures. We did not really need to do much in our code to create and validate JWTs.

Kind regards

David

 


And the assumption was that it would be valuable to the VCDM regardless of the format of the issuer field (DID or no DID).

Regards,

OS

ᐧ

 

On Thu, Feb 17, 2022 at 10:41 AM David Chadwick <d.w.chadwick@verifiablecredentials.info <mailto:d.w.chadwick@verifiablecredentials.info> > wrote:

On 17/02/2022 14:33, Orie Steele wrote:

Hey Folks,

What is the best way to combine DIDs with Certificate Authorities?

Get rid of DIDs and let the issuer use DV X.509 PKCs :-)

Kind regards

David


The use case is simple: As a verifier, I want to know that a credential was issued from a public key that is in a certificate chain I trust.

When I verify this credential, I not only check its signature, but I can also check the CA chain from the key that signed in back to the root. 

 

@Mike Prorock <mailto:mprorock@mesur.io>  and I have been working on a simple example of this using DID Web, but I think it generalizes to any DID Method that supports `publicKeyJwk` and `x5c`.

https://github.com/transmute-industries/openssl-did-web-tutorial

In this example, we generate a root ca, an intermediate ca, and 3 child ca's all using P-384 and OpenSSL.

We then generate a DID Web DID Document from the public keys for the 3 children, and encode the ca chain from them back to the root using `x5c`.

We then issue a JWT from the private key for 1 of them.

We then verify the JWT signature using the public key.

We then check the x5c using open seel to confirm the certificate chain.

My questions are:

1. Is it possible to use JOSE to automate this further?
2. Is there a better way of accomplishing this?
3. Should the CA chain be pushed into the JWT?

Regards,

OS


 

-- 

ORIE STEELE 

Chief Technical Officer

www.transmute.industries <http://www.transmute.industries> 

 

 <https://www.transmute.industries/> 

ᐧ

 




 

-- 

ORIE STEELE 

Chief Technical Officer

www.transmute.industries <http://www.transmute.industries> 

 

 <https://www.transmute.industries/> 

 




 

-- 

ORIE STEELE 

Chief Technical Officer

www.transmute.industries <http://www.transmute.industries> 

 

 <https://www.transmute.industries/>