- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 8 Sep 2023 10:00:42 -0400
- To: Orie Steele <orie@transmute.industries>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
On Thu, Sep 7, 2023 at 10:21 PM Orie Steele <orie@transmute.industries> wrote: > The VCWG could recommend against wasteful cryptographic operations or dependencies that consume more CPU than is needed to sign or verify. Ah yes, the good 'ol "TLS is too expensive to implement at scale" argument, which has been repeatedly debunked through various technology cycles: http://highscalability.com/blog/2011/2/10/dispelling-the-new-ssl-myth.html The argument goes "Cryptography X is too expensive to implement, so we should just keep doing what we've always been doing!"... which presumes that two technologies are exactly the same, which they're not (as has been said earlier in this thread). To be clear, we have implemented a variety of the VCDM securing mechanisms at scale, in production, and the time it takes to secure a VC is an insignificant rounding error compared to the time taken running on top of multiple layers of virtualization in cloud environments, and communicating w/ other HTTP APIs, doing database updates/calls, and running business logic. This is a textbook case of trying to optimize the wrong thing and it's coming off as political in nature. You might let everyone know that you're the lead editor on a specification that would benefit from this sort of "recommendation against wasteful cryptographic operations". Furthermore, you might as well suggest that we stop using interpreted languages, like Javascript and Python on the server and everyone go back to implementing in C++ (probably still too slow) or assembler. If you want to call out wasteful CPU cycles, running in an interpreted language is far, far worse than a handful of cryptographic operations. As Dave Lehn pointed out in the thread, getting consensus on a definition of sustainability (which we all care about), is a difficult thing to do. For example, if we use the traditional signature models we can look forward to doubling to tripling disk usage, which is a far more damaging/permanent thing for the environment (extraction of rare earth material, chip manufacturing, etc.) than a few milliseconds of compute. That's just ONE of the complexities that will come up in such a discussion; it eats away at precious WG time. This is not a zero-sum decision... there are trade-offs with each technology approach, and not everyone has a use case that fits into a neat narrative. This whole "sustainable VCs" comes off as a green-washing of your specification (vc-jose-cose) in an attempt to get the W3C Membership riled up so that they might favor a set of technical decisions that you want them to make. It's the same "blockchain guilt by association" thing that was done during the DID Formal Objections (and was overturned). Yes, sustainability matters and is important... but this feels like you're barking up the wrong tree, here (and it's just going to result in a big waste of time for everyone involved, and then not have a great deal of impact from an emissions perspective in the end). -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Friday, 8 September 2023 14:01:24 UTC