Re: Sustainable Verifiable Credentials

On Thu, Sep 7, 2023 at 10:21 PM Orie Steele <> wrote:
> The VCWG could recommend against wasteful cryptographic operations or dependencies that consume more CPU than is needed to sign or verify.

Ah yes, the good 'ol "TLS is too expensive to implement at scale"
argument, which has been repeatedly debunked through various
technology cycles:

The argument goes "Cryptography X is too expensive to implement, so we
should just keep doing what we've always been doing!"... which
presumes that two technologies are exactly the same, which they're not
(as has been said earlier in this thread).

To be clear, we have implemented a variety of the VCDM securing
mechanisms at scale, in production, and the time it takes to secure a
VC is an insignificant rounding error compared to the time taken
running on top of multiple layers of virtualization in cloud
environments, and communicating w/ other HTTP APIs, doing database
updates/calls, and running business logic.

This is a textbook case of trying to optimize the wrong thing and it's
coming off as political in nature. You might let everyone know that
you're the lead editor on a specification that would benefit from this
sort of "recommendation against wasteful cryptographic operations".

Furthermore, you might as well suggest that we stop using interpreted
languages, like Javascript and Python on the server and everyone go
back to implementing in C++ (probably still too slow) or assembler. If
you want to call out wasteful CPU cycles, running in an interpreted
language is far, far worse than a handful of cryptographic operations.

As Dave Lehn pointed out in the thread, getting consensus on a
definition of sustainability (which we all care about), is a difficult
thing to do. For example, if we use the traditional signature models
we can look forward to doubling to tripling disk usage, which is a far
more damaging/permanent thing for the environment (extraction of rare
earth material, chip manufacturing, etc.) than a few milliseconds of
compute. That's just ONE of the complexities that will come up in such
a discussion; it eats away at precious WG time.

This is not a zero-sum decision... there are trade-offs with each
technology approach, and not everyone has a use case that fits into a
neat narrative. This whole "sustainable VCs" comes off as a
green-washing of your specification (vc-jose-cose) in an attempt to
get the W3C Membership riled up so that they might favor a set of
technical decisions that you want them to make. It's the same
"blockchain guilt by association" thing that was done during the DID
Formal Objections (and was overturned).

Yes, sustainability matters and is important... but this feels like
you're barking up the wrong tree, here (and it's just going to result
in a big waste of time for everyone involved, and then not have a
great deal of impact from an emissions perspective in the end).

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.

Received on Friday, 8 September 2023 14:01:24 UTC