W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: Future-proofing VCs via multiple signatures

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Mon, 17 Jan 2022 14:20:37 +0000
To: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <BY5PR02MB69796DB6885D90368270E7C7CD579@BY5PR02MB6979.namprd02.prod.outlook.com>
You can find a document here (https://docbox.etsi.org/esi/Open/Latest_Drafts/ESI-0019003v002%20Public%20review%20draft_SR_019_003_Possible_Standards_for_eIDAS_2_0.pdf) that we put together at ETSI that lists all the relevant sections from EIDAS v2 that would impact ETSI standards, along with notes about which existing standards are effected and what new ones should be evaluate.

You will see references in there to the VC Data Model (which is an active work effort, some good discussions last week around it, in fact) as well as blockchain/DLT (though that is primarily for identity and not crypto).

The other document that is worth your review is https://www.etsi.org/deliver/etsi_ts/119300_119399/119312/01.02.01_60/ts_119312v010201p.pdf - what we loving refer to as the “Algo Paper”, which documents that algorithms that are (and are not) supported for use by ETSI compliant processors.  This includes hashing, crypto, signature, etc.

Leonard

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sunday, January 16, 2022 at 7:34 PM
To: public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: Future-proofing VCs via multiple signatures
On 1/16/22 7:09 PM, Leonard Rosenthol wrote:
> I can comment that as of last week’s ETSI meetings, there are no plans for
> the EU to adopt any new signature schemes as part of the new EIDAS v2
> regulations.

Leonard, do you have any publicly accessible documentation related to
signature schemes adopted as part of the EIDAS v2 regulations?

That would be helpful guidance for this community to keep in mind while we do
the VCWG 2.0 work (which involves standardizing cryptographic suites, which
use already approved IETF CFRG signature schemes, which I imagine are used by
EIDAS v2).

> So it will indeed be quite a while before one could use these legally in
> the EU (or other countries that have adopted ETSI signature and identity
> standards).

If we go back to the start of this thread, the whole concept was to use
adopted signature standards while providing next-generation experimental ones.

This turns the traditional multi-decade step-wise digital signature approach
into a more continuous / tighter-cycle signature scheme upgrade experience.

It doesn't need to be either/or / zero-sum (which is the state we're in now
with digital signature mechanisms), but rather, with the Data Integrity work,
we can turn it into a "Yes, and..."... that is, "Yes, here's the officially
accepted signature, AND a more cutting-edge one for those organizations that
are more comfortable on the leading edge."

Hopefully, that isn't getting lost in the thread. :)

-- manu

--
Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7C9e48fe324e9d4eaf2f6a08d9d950e2e2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637779764413318624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=Xx6XDCk6N1ykIgnaUDgwcEkO42%2BMOHRebI%2FRceeWssk%3D&amp;reserved=0
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.digitalbazaar.com%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7C9e48fe324e9d4eaf2f6a08d9d950e2e2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637779764413318624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=S%2BgpBbw%2BwWPGglj7JyyitTxdyhQDGHTykiVn9AveaRc%3D&amp;reserved=0
Received on Monday, 17 January 2022 14:20:53 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC