- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 11 Oct 2022 11:21:55 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Jack Tanner <jack@tonomy.foundation>, public-credentials@w3.org, rebal@tonomy.foundation, Suneet Bendre <bendre.android@gmail.com>
On Mon, Oct 10, 2022 at 4:37 AM Jack Tanner <jack@tonomy.foundation> wrote: > What are the options you are considering for how to verify that a M/N proof set contains the required number of signatures? Another option is to actually hide all the details around how a special signature is produced from verifiers and, instead, expose a simple signature for verification. In other words, design your system such that there is a key hidden away in an HSM that will only perform a signature if you send it (or it eventually "collects") whatever it needs (be that M-of-N other signatures or anything else). You are then able to implement this however you want to -- and avoid exposing those details to every external (and perhaps unknown) verifier, in the hopes that they will all implement your complex verification scheme. There may be details that could make this approach unworkable for your use case(s), but it should be considered first as it puts less burden on interop with verifiers and allows for more experimentation hidden away in the implementation details. -- Dave Longley CTO Digital Bazaar, Inc.
Received on Tuesday, 11 October 2022 15:22:23 UTC