Fwd: FYI: Cryptography Review and Recommendations for W3C VC and W3C DID Implementations by SRI International

Hi All,

For those of you not on the main CCG mailing list, please note that the report below will be discussed at the Feb 15 CCG call.

K.


> Begin forwarded message:
> 
> From: "John, Anil" <anil.john@hq.dhs.gov>
> Subject: FYI: Cryptography Review and Recommendations for W3C VC and W3C DID Implementations by SRI International
> Date: January 26, 2022 at 2:33:02 PM EST
> To: "public-credentials@w3.org" <public-credentials@w3.org>, Kerri Lemoie <klemoie@concentricsky.com>, Drummond Reed <drummond.reed@evernym.com>, Kaliya Identity Woman <kaliya@identitywoman.net>, Juan Caballero <juan.caballero@spruceid.com>, Mike Prorock <mprorock@mesur.io>, Heather Vescent <heathervescent@gmail.com>, Sharon Leu <sleu@jff.org>
> 
> Hello DID/VC Community,
>  
> As part of the in-depth technical due-diligence we are conducting in our multiple DHS/SVIP workstreams to enable operational capabilities for DHS/CBP, DHS/PRIV and DHS/USCIS using W3C Verifiable Credentials and W3C Decentralized Identifiers, DHS/SVIP sponsored the independent nonprofit research center SRI International (https://www.sri.com/ <https://urldefense.us/v3/__https:/www.sri.com/__;!!BClRuOV5cvtbuNI!QQnc651HVGJnMNYs-vSuaQ_LFlyrI91HPL5EhedGkojcjPJHCBFDlIMm6lAea-QRQTxJ$> ) to conduct a cryptographic review of the W3C Verifiable Credentials and W3C Decentralized Identifier standards.
>  
> This type of independent review is critically important for U.S. Government entities who are deploying capabilities based on these standards to ensure that the technologies conform to relevant U.S. Federal government standards and requirements, including the Federal Information Security Management Act (FISMA) and National Institute of Technology (NIST) standards for use of cryptography.
>  
> Please find attached (and online at the link below) the results of this independent review and the associated cryptography implementation recommendations.
>  
> https://docs.google.com/document/d/1EdCBSACtlBv2DxNZM67qi9F15Iv5uWOW/edit?usp=sharing&ouid=116879129655891111263&rtpof=true&sd=true <https://urldefense.us/v3/__https:/docs.google.com/document/d/1EdCBSACtlBv2DxNZM67qi9F15Iv5uWOW/edit?usp=sharing&ouid=116879129655891111263&rtpof=true&sd=true__;!!BClRuOV5cvtbuNI!QQnc651HVGJnMNYs-vSuaQ_LFlyrI91HPL5EhedGkojcjPJHCBFDlIMm6lAea80RqYf0$>
>  
>  
> Heather and Mike,
>  
> An ask on behalf of the SRI folks who conducted this work --- Do you think this work would be of interest to the broader community such that it would it be possible to get some dedicated time at the CCG (would appreciate a 45 – 60 minute block) for them to walk thru the work and answer any questions the community may have?
>  
> If you think that this is too government-centric and not relevant broadly, no worries … I’ll just point folks to the report.
>  
> Kaliya, Kerri, Sharon, Drummond and Juan,
>  
> It feels like this may be an area of common interest between CCG, DIF, ToIP and EDU, so wanted to make sure you were all aware of this work and if you all believe that it make sense to have some sort of a joint opportunity for this conversation to happen, I am happy to help on that.  Same note to you as well that if you consider this to be too government-centric, no worries – I can only lead horses to water, I cannot make them drink : -)
>  
> Best Regards,
>  
> Anil
>  
> Anil John
> Technical Director, Silicon Valley Innovation Program 
> Science and Technology Directorate 
> US Department of Homeland Security 
> Washington, DC, USA 
>  
> Email Response Time – 24 Hours
>  
>  <https://www.dhs.gov/science-and-technology>