[privacy-request] Issue: Verifiable Credential Data Integrity (and vc-di-eddsa and vc-di-ecdsa) 2023-06-15 -> 2023-07-31 (#120) marked as REVIEW REQUESTED from Manu Sporny via GitHub on 2023-06-15 (public-privacy@w3.org from April to June 2023)

From: Manu Sporny via GitHub <sysbot+gh@w3.org>
Date: Thu, 15 Jun 2023 17:29:59 +0000
To: public-privacy@w3.org
Message-ID: <issues.labeled-1759267468-1686850196-sysbot+gh@w3.org>

msporny has just labeled an issue for https://github.com/w3cping/privacy-request as "REVIEW REQUESTED":

== Verifiable Credential Data Integrity (and vc-di-eddsa and vc-di-ecdsa) 2023-06-15 -> 2023-07-31 ==
- Name of specs to be reviewed:
  * [Verifiable Credential Data Integrity](https://www.w3.org/TR/vc-data-integrity/)
  * [EdDSA Cryptosuite v2022](https://www.w3.org/TR/vc-di-eddsa/)
  * [ECDSA Cryptosuite v2019](https://www.w3.org/TR/vc-di-ecdsa/)

- URL of specs:
  * [Verifiable Credential Data Integrity](https://www.w3.org/TR/vc-data-integrity/)
  * [EdDSA Cryptosuite v2022](https://www.w3.org/TR/vc-di-eddsa/)
  * [ECDSA Cryptosuite v2019](https://www.w3.org/TR/vc-di-ecdsa/)

- What and when is your next expected transition?
  - Transition to Candidate Recommendation in September 2023 (at W3C TPAC)
- What has changed since any previous review?
  - There has bee no previous review of these specifications
- Please point to the results of your own self-review (see https://w3c.github.io/apa/fast/checklist.html)
  - https://github.com/w3c/vc-data-integrity/issues/98
- Where and how to file issues arising?
  - https://github.com/w3c/vc-data-integrity/issues
- Pointer to any explainer for the spec?
  - https://www.w3.org/TR/vc-data-integrity/#introduction

Other comments:

The three specifications listed above are cryptographic message securing mechanisms and are intended to be reviewed together. The first specification, Verifiable Credential Data Integrity, is the base specification that defines the base concepts and algorithms. The "EdDSA Cryptosuite" and "ECDSA Cryptosuite" specifications are concrete implementations of the base specification and each define specific cryptographic algorithms and processes to be used when providing data integrity protection for Verifiable Credentials.

When reviewing the Security and Privacy considerations, it is important to first be aware of the Security and Privacy Considerations for Verifiable Credentials:

* [Verifiable Credential Security Considerations](https://www.w3.org/TR/vc-data-model-2.0/#security-considerations)
* [Verifiable Credential Privacy Considerations](https://www.w3.org/TR/vc-data-model-2.0/#privacy-considerations)

and then consider the Security and Privacy considerations provided in the Verifiable Credential Data Integrity specification:

* [Verifiable Credential Data Integrity Security Considerations](https://www.w3.org/TR/vc-data-integrity/#security-considerations)
* [Verifiable Credential Data Integrity Privacy Considerations](https://www.w3.org/TR/vc-data-integrity/#privacy-considerations)

and then finally consider the Security and Privacy considerations for each cryptography suite.

See https://github.com/w3cping/privacy-request/issues/120


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 15 June 2023 17:30:01 UTC