FYI: Cryptography Review and Recommendations for W3C VC and W3C DID Implementations by SRI International

Hello DID/VC Community,

As part of the in-depth technical due-diligence we are conducting in our multiple DHS/SVIP workstreams to enable operational capabilities for DHS/CBP, DHS/PRIV and DHS/USCIS using W3C Verifiable Credentials and W3C Decentralized Identifiers, DHS/SVIP sponsored the independent nonprofit research center SRI International (https://www.sri.com/) to conduct a cryptographic review of the W3C Verifiable Credentials and W3C Decentralized Identifier standards.

This type of independent review is critically important for U.S. Government entities who are deploying capabilities based on these standards to ensure that the technologies conform to relevant U.S. Federal government standards and requirements, including the Federal Information Security Management Act (FISMA) and National Institute of Technology (NIST) standards for use of cryptography.

Please find attached (and online at the link below) the results of this independent review and the associated cryptography implementation recommendations.

https://docs.google.com/document/d/1EdCBSACtlBv2DxNZM67qi9F15Iv5uWOW/edit?usp=sharing&ouid=116879129655891111263&rtpof=true&sd=true


Heather and Mike,

An ask on behalf of the SRI folks who conducted this work --- Do you think this work would be of interest to the broader community such that it would be possible to get some dedicated time at the CCG (would appreciate a 45 – 60 minute block) for them to walk thru the work and answer any questions the community may have?

If you think that this is too government-centric and not relevant broadly, no worries … I’ll just point folks to the report.

Kaliya, Kerri, Sharon, Drummond and Juan,

It feels like this may be an area of common interest between CCG, DIF, ToIP and EDU, so wanted to make sure you were all aware of this work and if you all believe that it makes sense to have some sort of a joint opportunity for this conversation to happen, I am happy to help on that. Same note to you as well that if you consider this to be too government-centric, no worries – I can only lead horses to water, I cannot make them drink :-)

Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time – 24 Hours


Received on Wednesday, 26 January 2022 19:38:41 UTC