- From: Leonard Rosenthol <lrosenth@adobe.com>
- Date: Mon, 17 Jan 2022 14:20:37 +0000
- To: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
- Message-ID: <BY5PR02MB69796DB6885D90368270E7C7CD579@BY5PR02MB6979.namprd02.prod.outlook.com>
You can find a document here (https://docbox.etsi.org/esi/Open/Latest_Drafts/ESI-0019003v002%20Public%20review%20draft_SR_019_003_Possible_Standards_for_eIDAS_2_0.pdf) that we put together at ETSI that lists all the relevant sections from EIDAS v2 that would impact ETSI standards, along with notes about which existing standards are effected and what new ones should be evaluate. You will see references in there to the VC Data Model (which is an active work effort, some good discussions last week around it, in fact) as well as blockchain/DLT (though that is primarily for identity and not crypto). The other document that is worth your review is https://www.etsi.org/deliver/etsi_ts/119300_119399/119312/01.02.01_60/ts_119312v010201p.pdf - what we loving refer to as the “Algo Paper”, which documents that algorithms that are (and are not) supported for use by ETSI compliant processors. This includes hashing, crypto, signature, etc. Leonard From: Manu Sporny <msporny@digitalbazaar.com> Date: Sunday, January 16, 2022 at 7:34 PM To: public-credentials@w3.org <public-credentials@w3.org> Subject: Re: Future-proofing VCs via multiple signatures On 1/16/22 7:09 PM, Leonard Rosenthol wrote: > I can comment that as of last week’s ETSI meetings, there are no plans for > the EU to adopt any new signature schemes as part of the new EIDAS v2 > regulations. Leonard, do you have any publicly accessible documentation related to signature schemes adopted as part of the EIDAS v2 regulations? That would be helpful guidance for this community to keep in mind while we do the VCWG 2.0 work (which involves standardizing cryptographic suites, which use already approved IETF CFRG signature schemes, which I imagine are used by EIDAS v2). > So it will indeed be quite a while before one could use these legally in > the EU (or other countries that have adopted ETSI signature and identity > standards). If we go back to the start of this thread, the whole concept was to use adopted signature standards while providing next-generation experimental ones. This turns the traditional multi-decade step-wise digital signature approach into a more continuous / tighter-cycle signature scheme upgrade experience. It doesn't need to be either/or / zero-sum (which is the state we're in now with digital signature mechanisms), but rather, with the Data Integrity work, we can turn it into a "Yes, and..."... that is, "Yes, here's the officially accepted signature, AND a more cutting-edge one for those organizations that are more comfortable on the leading edge." Hopefully, that isn't getting lost in the thread. :) -- manu -- Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&data=04%7C01%7Clrosenth%40adobe.com%7C9e48fe324e9d4eaf2f6a08d9d950e2e2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637779764413318624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Xx6XDCk6N1ykIgnaUDgwcEkO42%2BMOHRebI%2FRceeWssk%3D&reserved=0 Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.digitalbazaar.com%2F&data=04%7C01%7Clrosenth%40adobe.com%7C9e48fe324e9d4eaf2f6a08d9d950e2e2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637779764413318624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=S%2BgpBbw%2BwWPGglj7JyyitTxdyhQDGHTykiVn9AveaRc%3D&reserved=0
Received on Monday, 17 January 2022 14:20:53 UTC