- From: Drummond Reed <Drummond.Reed@gendigital.com>
- Date: Sat, 30 Nov 2024 20:24:57 +0000
- To: Michael Prorock <mprorock@mesur.io>, Steve Capell <steve.capell@gmail.com>
- CC: Christopher Allen <ChristopherA@lifewithalacrity.com>, Andres Olave <andres.olave@velocitycareerlabs.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <DM6PR13MB31315B4D2DE5F72AA0AC70229D2B2@DM6PR13MB3131.namprd13.prod.outlook.com>
+1 to them being two separate topics, and +1 to both being important for different use cases and reasons. It’s worth pointing out that, in many ways, these challenges are not specific to DIDs. They are challenges for any type of public key infrastructure. They just become magnified when that infrastructure is decentralized and the scale of public/private key usage becomes much larger. =Drummond From: Michael Prorock <mprorock@mesur.io> Date: Friday, November 29, 2024 at 7:48 PM To: Steve Capell <steve.capell@gmail.com> Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Andres Olave <andres.olave@velocitycareerlabs.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org> Subject: Re: Goals and Requirements for DID Method Standardization? +1 Steve Definitely two separate topics On Fri, Nov 29, 2024, 17:39 Steve Capell <steve.capell@gmail.com<mailto:steve.capell@gmail.com>> wrote: I Think there are two very separate business requirements here 1- maintaining VC verifiability when controller of issuer did no longer exists 2- upgrading cryptography when the underlying algorithm becomes vulnerable My immediate concern is #1 because it happens every day today. But that doesn’t discount the importance of #2 Steven Capell Mob: 0410 437854 On 30 Nov 2024, at 11:15 AM, Christopher Allen <ChristopherA@lifewithalacrity.com<mailto:ChristopherA@lifewithalacrity.com>> wrote: My challenge for long-lived VCs is that likely they require more than digital signatures, such aa additional proofs. Until we have some better choices for quantum-resistant signatures (a tough nut to crack) that means at minimum publicly provable time stamps with no phone-home or correlation (I currently use https://opentimestamps.org<https://opentimestamps.org/> and am investigating very large Sphinx hash-based co-signing). My example use case is that I have over a hundred students that got their MBA in Sustainable Systems from an accredited small college, circa 2009. The school was then BGI.edu, become Pinchot.edu, merged with Presidio.edu, acquired by Dominican College. Multiple states, multiple accreditation bodies. But they should be able to have a credible MBA digital certificate for life. They can’t currently. Other long-term scenarios are IP transfers (not only copyright & trademark but trade secrets), fiduciary and healthcare directives, marriage related (a particular challenge given same-sex marriage being illegal in many countries), etc. Even many peer credentials need to survive a peers death. Biggest challenge in this category will be physical real property, or property mixed physical with digital (art in particular). Both will need to be provable 70+ years, well into a quantum-capable future. — Christopher Allen
Received on Saturday, 30 November 2024 20:25:05 UTC