- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 25 Oct 2022 10:59:08 -0400
- To: "John, Anil" <anil.john@hq.dhs.gov>
- Cc: "public-credentials@w3.org" <public-credentials@w3.org>
On Tue, Oct 18, 2022 at 12:35 PM John, Anil <anil.john@hq.dhs.gov> wrote:

> The ability to simultaneously have 3 separate proofs associated with the same JSON-LD based verifiable credential
>
> A proof that is using FIPS Compliant Cryptographic Primitives
> A proof that is using Post-Quantum Cryptographic Primitives
> A proof that is using BBS Cryptographic Primitives for Selective Disclosure

As mentioned in the previous email, this is supported by VC Data Integrity:

https://w3c.github.io/vc-data-integrity/#proof-sets

We'll find out how many implement the feature, which is not difficult to implement if you support a single Data Integrity proof, when we get to the Candidate Recommendation phase.

> A mechanism for the Digital Wallet to signal to an Issuer that it is capable of supporting the above

This would probably be a privacy violation if done on a per-individual basis (it could broadcast which types of DIDs the individual has). For example, if you are using a type of cryptography that is used by a particular nation state, it would out you as potentially having ties with that nation state.

If this is done at the wallet level, it's probably not useful information. Just because a digital wallet supports 20 DID Methods doesn't mean that the individual using the wallet actually has all 20 of those DID Methods at their disposal.

A design with a better privacy position would be for the Verifier to assert that it supports verifying certain types of digital signatures. This is the approach that the VC API has taken with Verifiable Presentation Requests and is shown in the DIDAuthentication flows here (note the "acceptedMethods" and "acceptedCryptosuites" fields):

https://w3c-ccg.github.io/vp-request-spec/#the-did-authentication-query-format

> A mechanism for the Digital Wallet to signal to a Verifier about the proof formats it has available on a particular credential

Same as the comment above. The Digital Wallet signalling specifics about what it holds on a per-individual basis can lead to privacy violations. The Digital Wallet signalling its feature set, in general, might not be useful in this particular scenario (but might be useful in others, like asserting that it passes certain industry certifications).

> A mechanism for the Verifier to signal to the Holder/Wallet about the proof formats it supports

What's the use case here? Is it: "Verifier Gamma would like to offer a Verifiable Credential in a format that the Holder will be able to process."?

Why isn't this driven off of something like the "acceptedCryptosuites" field in DID Authentication -- given that, you know what sort of cryptography the Holder software prefers and you can issue using the same cryptography.

OR, an Issuer might not care... they might only issue using EdDSA and BBS, and when you get a VC, you get it with both (because you had to prove possession for both in many cases).

Thoughts?

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Tuesday, 25 October 2022 14:59:56 UTC
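
The verifier-declares design from the message above, as an added example that is not part of the original email or of any project's code: the verifier lists what it can verify in "acceptedCryptosuites", and the wallet filters a credential's proof set locally without announcing what it holds. Assumptions: the query shape follows the DIDAuthentication format linked above, applying that field to credential proofs is this example's choice, the function names are hypothetical, and all suite names, DIDs and proof values are constructed.

```javascript
// Constructed request: the verifier states which suites it can verify.
const vpr = {
  query: [{
    type: 'DIDAuthentication',
    acceptedMethods: [{ method: 'key' }],
    acceptedCryptosuites: [
      { cryptosuite: 'example-fips-suite' },   // placeholder suite names
      { cryptosuite: 'example-bbs-suite' }
    ]
  }],
  challenge: 'constructed-challenge',
  domain: 'verifier.example'
};

// Constructed credential secured with a proof set of three independent proofs.
const credential = {
  '@context': ['https://www.w3.org/2018/credentials/v1'],
  type: ['VerifiableCredential'],
  issuer: 'did:example:issuer',
  credentialSubject: { id: 'did:example:holder' },
  proof: [
    { type: 'DataIntegrityProof', cryptosuite: 'example-fips-suite', proofValue: 'zFIPS' },
    { type: 'DataIntegrityProof', cryptosuite: 'example-pq-suite', proofValue: 'zPQ' },
    { type: 'DataIntegrityProof', cryptosuite: 'example-bbs-suite', proofValue: 'zBBS' }
  ]
};

// Collect the suites the verifier declared; nothing about the wallet is sent.
function acceptedSuites(request) {
  const names = new Set();
  for (const q of request.query ?? []) {
    for (const s of q.acceptedCryptosuites ?? []) names.add(s.cryptosuite);
  }
  return names;
}

// Keep only the proofs the verifier can check. Proofs in a set are independent
// of one another, so dropping some leaves the remaining ones verifiable.
function selectProofs(vc, request) {
  const accepted = acceptedSuites(request);
  const proofs = [].concat(vc.proof ?? []); // a lone proof may be a bare object
  // Suites that predate the "cryptosuite" property are named by "type" instead.
  const kept = proofs.filter(p => accepted.has(p.cryptosuite ?? p.type));
  if (kept.length === 0) return null; // no overlap: present nothing
  return { ...vc, proof: kept.length === 1 ? kept[0] : kept };
}
```

The verifier only ever sees the proofs it asked for; the unmatched post-quantum proof, and the fact that the holder has one, never leaves the wallet.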