- From: Leonard Rosenthol <lrosenth@adobe.com>
- Date: Mon, 17 Jan 2022 16:59:44 +0000
- To: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
- Message-ID: <BY5PR02MB697919B823A530DDE8D65B40CD579@BY5PR02MB6979.namprd02.prod.outlook.com>
I know we have an update on the Algo paper in process, but not sure the status since I am pretty sure we had EdDSA in there. I will check. But I do agree that because of their mandates to support the entire EU (from the governments to the citizens) they are indeed *very* conservative! Leonard From: Manu Sporny <msporny@digitalbazaar.com> Date: Monday, January 17, 2022 at 10:17 AM To: public-credentials@w3.org <public-credentials@w3.org> Subject: Re: Future-proofing VCs via multiple signatures On 1/17/22 9:20 AM, Leonard Rosenthol wrote: > The other document that is worth your review is > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.etsi.org%2Fdeliver%2Fetsi_ts%2F119300_119399%2F119312%2F01.02.01_60%2Fts_119312v010201p.pdf&data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=RrWgbW6HoNKlHUbm8yNW%2B%2BpMt2MCyUauqVhsZ6z74Lk%3D&reserved=0 > > - what we loving refer to as the “Algo Paper”, which documents that algorithms > that are (and are not) supported for use by ETSI compliant processors. > This includes hashing, crypto, signature, etc. Thank you, Leonard, super helpful! I'll note that they list these groups in their Liaison section (a good thing!): * W3C Credentials Community Group (active) – DID * W3C Verifiable Credentials Working Group (in maintenance mode) – Verifiable Credentials ... but don't mention the DID WG, which is a bit strange, but they do mention CCG, which is broader. I suggest they add the DID WG as a Liaison since it's the official group in charge of DIDs (in addition to CCG). The "Algo Paper" seems quite conservative... it doesn't even mention EdDSA and chooses to stay w/ the older (15-20+ years old) X.9/NIST standards -- RSA and ECDSA. Even NIST, known for moving at a glacial pace wrt. cryptography, has included EdDSA in their latest draft of supported algorithms[1]. I guess if we want to push the envelope wrt. cryptographic algorithms, ETSI is definitely not the place to do it. :) -- manu [1]https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FFIPS%2FNIST.FIPS.186-5-draft.pdf&data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=LQ81xoZm4moXfrueXIWLFicNxxuw0NACV%2FrxHxqCCyc%3D&reserved=0 -- Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=jxIGBOa4iUgMWDQ2fUiBSO1gP%2BqPEg94OeQA74LH7MQ%3D&reserved=0 Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.digitalbazaar.com%2F&data=04%7C01%7Clrosenth%40adobe.com%7Cd975428782de450b216a08d9d9cc3ad3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637780294285799712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=BXtqxriRsu%2F5uencegfl1DERDciH%2BC9uAngjsJjBwHg%3D&reserved=0
Received on Monday, 17 January 2022 16:59:59 UTC