Re: Future-proofing VCs via multiple signatures from Leonard Rosenthol on 2022-01-17 (public-credentials@w3.org from January 2022)

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Mon, 17 Jan 2022 16:59:44 +0000
To: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <BY5PR02MB697919B823A530DDE8D65B40CD579@BY5PR02MB6979.namprd02.prod.outlook.com>

I know we have an update on the Algo paper in process, but not sure the status since I am pretty sure we had EdDSA in there.  I will check.

But I do agree that because of their mandates to support the entire EU (from the governments to the citizens) they are indeed *very* conservative!

Leonard

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Monday, January 17, 2022 at 10:17 AM
To: public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: Future-proofing VCs via multiple signatures
On 1/17/22 9:20 AM, Leonard Rosenthol wrote:
> The other document that is worth your review is
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.etsi.org%2Fdeliver%2Fetsi_ts%2F119300_119399%2F119312%2F01.02.01_60%2Fts_119312v010201p.pdf&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=RrWgbW6HoNKlHUbm8yNW%2B%2BpMt2MCyUauqVhsZ6z74Lk%3D&amp;reserved=0
>
>
- what we loving refer to as the “Algo Paper”, which documents that algorithms
> that are (and are not) supported for use by ETSI compliant processors.
> This includes hashing, crypto, signature, etc.

Thank you, Leonard, super helpful!

I'll note that they list these groups in their Liaison section (a good thing!):

* W3C Credentials Community Group (active) – DID
* W3C Verifiable Credentials Working Group (in maintenance
  mode) – Verifiable Credentials

... but don't mention the DID WG, which is a bit strange, but they do mention
CCG, which is broader. I suggest they add the DID WG as a Liaison since it's
the official group in charge of DIDs (in addition to CCG).

The "Algo Paper" seems quite conservative... it doesn't even mention EdDSA and
chooses to stay w/ the older (15-20+ years old) X.9/NIST standards -- RSA and
ECDSA.

Even NIST, known for moving at a glacial pace wrt. cryptography, has included
EdDSA in their latest draft of supported algorithms[1].

I guess if we want to push the envelope wrt. cryptographic algorithms, ETSI is
definitely not the place to do it. :)

-- manu

[1]https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FFIPS%2FNIST.FIPS.186-5-draft.pdf&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=LQ81xoZm4moXfrueXIWLFicNxxuw0NACV%2FrxHxqCCyc%3D&amp;reserved=0

--
Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=jxIGBOa4iUgMWDQ2fUiBSO1gP%2BqPEg94OeQA74LH7MQ%3D&amp;reserved=0
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.digitalbazaar.com%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=BXtqxriRsu%2F5uencegfl1DERDciH%2BC9uAngjsJjBwHg%3D&amp;reserved=0

Received on Monday, 17 January 2022 16:59:59 UTC