Re: Experimental did:cel Witness Service (open-source)

I don’t share the concern about log size becoming unsustainable over a
decade or two, for all the reasons others have mentioned. One thing to
note: an identifier’s life cycle depends on its use case. Which identifiers
should really last a decade? I can think of only something like CA roots.

And perhaps there’s some miscommunication, how do we envision an
identifier’s life cycle? Should it last as long as possible, or be replaced
over time?

Anyway, the witness and provision service [1] now supports post-quantum
ready DI cryptosuites [2]: mldsa44-jcs-2024, mldsa44-rdfc-2024,
slhdsa128-jcs-2024, slhdsa128-rdfc-2024.

and here’s a new live oblivious witness signing with the VC DataIntegrity
cryptosuite mldsa44-jcs-2024:
https://witness-purple-5qnvfghl2q-uk.a.run.app

Thank you, Patrick and Stephen, for sparking this discussion!

[1] https://github.com/filip26/iron-did-cel
[2] https://w3c-ccg.github.io/di-quantum-safe/

On Wed, Mar 11, 2026 at 8:02 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On Wed, Mar 11, 2026 at 2:09 PM Jori Lehtinen <lehtinenjori03@gmail.com>
> wrote:
> > I think it is not so much about the actual size, but how much a
> cloud-provider charges you if you want to host these logs at scale.
>
> Yes, that's a good consideration.
>
> Github (free tier) has a 5GB soft limit per repository.
> Google Drive (free tier) has a 15GB limit.
> Dropbox (free tier) has a 2GB limit.
>
> AWS S3 storage for 5GB would be approximately $0.115 per month.
>
> Not bad... we should run some numbers to see how did:cel and did:webvh
> fare under something like MLDSA PQ signatures. I will note that GregB
> has been doing some good work on the post-quantum Data Integrity
> specs, including JCS support.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> https://www.digitalbazaar.com/
>
>