Re: Goals and Requirements for DID Method Standardization? from Leonard Rosenthol on 2024-12-01 (public-credentials@w3.org from December 2024)

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Sun, 1 Dec 2024 18:04:32 +0000
To: Christopher Allen <ChristopherA@lifewithalacrity.com>, Andres Olave <andres.olave@velocitycareerlabs.com>
CC: Manu Sporny <msporny@digitalbazaar.com>, Steve Capell <steve.capell@gmail.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <DM8PR02MB818115BFC6F9D516DE4A4102CD342@DM8PR02MB8181.namprd02.prod.outlook.com>

> minimum publicly provable time stamps with no phone-home
>
The “no phone home” problem is exacerbated by the CA/Browser Forum forcing a move back to CRLs from OCSP (https://cabforum.org/2023/07/14/ballot-sc-063-v4-make-ocsp-optional-require-crls-and-incentivize-automation/), which had led some CAs to even stop supporting them entirely (https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls/)

OCSPs – and specifically OCSP stapling – is a great solution for “no phone home” revocation checking.  And yet…..

Leonard

From: Christopher Allen <ChristopherA@lifewithalacrity.com>
Date: Friday, November 29, 2024 at 7:17 PM
To: Andres Olave <andres.olave@velocitycareerlabs.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Steve Capell <steve.capell@gmail.com>, W3C Credentials CG <public-credentials@w3.org>
Subject: Re: Goals and Requirements for DID Method Standardization?

EXTERNAL: Use caution when clicking on links or opening attachments.

My challenge for long-lived VCs is that likely they require more than digital signatures, such aa additional proofs. Until we have some better choices for quantum-resistant signatures (a tough nut to crack) that means at minimum publicly provable time stamps with no phone-home or correlation (I currently use
https://opentimestamps.org<https://opentimestamps.org/> and am investigating very large Sphinx hash-based co-signing).

My example use case is that I have over a hundred students that got their MBA in Sustainable Systems from an accredited small college, circa 2009. The school was then BGI.edu, become Pinchot.edu, merged with Presidio.edu, acquired by Dominican College. Multiple states, multiple accreditation bodies. But they should be able to have a credible MBA digital certificate for life. They can’t currently.

Other long-term scenarios are IP transfers (not only copyright & trademark but trade secrets), fiduciary and healthcare directives, marriage related (a particular challenge given same-sex marriage being illegal in many countries), etc. Even many peer credentials need to survive a peers death.

Biggest challenge in this category will be physical real property, or property mixed physical with digital (art in particular). Both will need to be provable 70+ years, well into a quantum-capable future.

— Christopher Allen

Received on Sunday, 1 December 2024 18:04:41 UTC