Re: [Agenda] W3C CCG 2024-05-07 - Parallel Signatures in Verifiable Credentials

On Wed, May 8, 2024 at 3:36 PM Nikos Fotiou <fotiou@aueb.gr> wrote:
> JSON Web Signatures JSON serialization allows for multiple signatures for a single payload (

Yes, that's where we started some of the parallel signatures work many
years ago. Unfortunately, we hit limitations with the approach pretty
quickly.

For example, the need to encode everything in a base-64 encoded blob
meant that indexing these sorts of documents in document-based
databases was not possible without duplicating the data. Encapsulating
one signed object inside of another signed object resulted in
double-base64-encoding bloat for every level of signature (which
matters when signing a verifiable presentation that includes a
verifiable credential, for example). Transformation steps are frowned
upon by the community that works on those specifications. There are no
patterns for selective disclosure or unlinkable disclosure with the
JSON serialization (and the new SD-JWT and JWP work in the area
doesn't use it). The ability to do syntax-agnostic signatures is
tenuous without a major rework and there doesn't seem to be a desire
to do that. The list goes on.

Fundamentally, the approach was a dead end. You can get some of the
features we have with Data Integrity and Parallel Signatures, but
certainly not all of them, and definitely not some of the key features
(unless a lot of effort were to be put into an extension). That's not
to say it's not possible without a significant amount of work, but if
one were to do that, you'd just end up with something that is more or
less feature equivalent to something we already have.

> Please see the following for relevant features in COSE as well

Same sorts of problems as described above.

It's been possible to do multiple signatures on a single payload for
decades, but focusing on that misses the point. OpenPGP had this sort
of support[1] back in the 90s, but that's not the key innovation here.
The key innovation is that we can do multiple signatures, and
selective disclosure, and unlinkable disclosure, and re-use the same
signature across JSON, YAML, CBOR and other encodings, all on the same
base data model, with a single payload value, with embedded semantics,
and without having to invent new envelope formats for each new
cryptographic feature set. All that, and it still looks and feels like
JSON. It's the way that Data Integrity technology layers these things
together in a composable way; that's the breakthrough innovation.

-- manu

[1] https://datatracker.ietf.org/doc/html/rfc2440#section-5.2

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Saturday, 11 May 2024 18:04:12 UTC
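
Added example (not part of the original message, and not code from the author or from the specifications discussed): a sketch of the double-base64 growth and the indexing limitation described above, comparing a JWS JSON-serialization envelope with a layout that embeds proofs beside the data. HMAC-SHA256 and sorted-key JSON are stand-ins for a real signature scheme and canonicalization; the keys, DIDs, function names and the reduced set of proof fields are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def canon(obj) -> bytes:
    # Stand-in for a real canonicalization step: sorted keys, no whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def mac(key: bytes, data: bytes) -> str:
    # Stand-in for a real signature (HMAC-SHA256 keeps the example offline).
    return b64u(hmac.new(key, data, hashlib.sha256).digest())

def jws_json(payload_obj, keys):
    """JWS general JSON serialization: one base64url payload, many signatures."""
    payload = b64u(canon(payload_obj))
    sigs = []
    for kid, key in keys.items():
        protected = b64u(canon({"alg": "HS256", "kid": kid}))
        sigs.append({"protected": protected,
                     "signature": mac(key, f"{protected}.{payload}".encode())})
    return {"payload": payload, "signatures": sigs}

def embedded(doc, keys):
    """Proofs sit beside the data; the payload stays plain, queryable JSON."""
    proofs = [{"verificationMethod": kid, "proofValue": mac(key, canon(doc))}
              for kid, key in keys.items()]
    return {**doc, "proof": proofs}

# Constructed sample data and keys.
KEYS = {"issuer-key-1": b"k1" * 16, "issuer-key-2": b"k2" * 16}
HOLDER = {"holder-key-1": b"k3" * 16}
CRED = {"type": "VerifiableCredential", "issuer": "did:example:issuer",
        "credentialSubject": {"id": "did:example:alice", "degree": "BSc"}}

def compare():
    vc_jws = jws_json(CRED, KEYS)
    vp_jws = jws_json({"type": "VerifiablePresentation",
                       "verifiableCredential": [vc_jws]}, HOLDER)
    vc_di = embedded(CRED, KEYS)
    vp_di = embedded({"type": "VerifiablePresentation",
                      "verifiableCredential": [vc_di]}, HOLDER)
    raw = len(canon(CRED))
    # Bytes the credential occupies after one and two envelope levels.
    once = len(vc_jws["payload"])
    twice = len(b64u(vc_jws["payload"].encode()))
    return {"raw": raw, "once": once, "twice": twice,
            "jws_searchable": b"did:example:alice" in canon(vp_jws),
            "embedded_searchable": b"did:example:alice" in canon(vp_di)}
```

Each envelope level multiplies the credential's size by roughly 4/3, and the subject identifier can only be found in the enveloped presentation after decoding, whereas it is directly matchable in the embedded-proof form.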