Work item suggestion: ECDSA Cryptosuite from Manu Sporny on 2023-03-05 (public-vc-wg@w3.org from March 2023)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 5 Mar 2023 18:03:40 -0500
To: W3C Verifiable Credentials Working Group <public-vc-wg@w3.org>
Message-ID: <CAMBN2CTAhg-v05qoSL9ZxVBwoObTHR2nDeiY=Ugp8ZQ9qZR=ww@mail.gmail.com>

Hi all,

Given that the VCWG has adopted the VC Data Integrity and EdDSA
Cryposuites, and abandoned the JWS-2020 cryptosuite, it's important
that we complete work on the ECDSA Cryptosuite. Here's why:

While NIST has recently approved EdDSA as a FIPS-186-5 approved
cryptographic algorithm, it has yet to publish a FIPS-140
cryptographic algorithm test suite for EdDSA. Getting something into
the FIPS-140 Cryptographic Module Verification Program is the first
step in getting hardware security module support for EdDSA.
Unfortunately, it is not expected that this will happen for several
years, which means that those of us that are using Data Integrity, and
have large enterprise, federal government, or state government
customers can't meet the needs of those customers that require the use
of hardware security modules with EdDSA in the short term.

We were in a position to use JWS-2020 to support those customers, but
now that the VCWG has abandoned the work item, we need a
replacement... which is the purpose of this email.

The ECDSA Cryptosuite was approved to be transitioned into the VCWG
last summer[1], with the Final Community Group Specification for ECDSA
produced[2] on July 24th 2022. Given the impending new work item
freeze / feature freeze in the VCWG at the end of March 2023, roughly
four weeks from now, we need to make the call for adoption of this
work item soon.

If you are an organization (or an implementer) that would like to see
support for ECDSA in the VC Data Integrity cryptosuites, and/or have
current or future customer needs for the use of hardware security
modules that support the ECDSA Cryptosuite, then please add your name,
title, and organization to the end of this Google Doc:

https://docs.google.com/document/d/1wcEg1P3AXOF0tUwzgNo_2IDLC_vBJNEGJRg_5JfprRM/edit

We'll be collecting signatures this week, and then running a call for
adoption in the VCWG once we have enough signatures. The more
signatures of support the better, you don't have to be a W3C Member to
sign the letter.

-- manu

[1]https://lists.w3.org/Archives/Public/public-credentials/2022Jul/0108.html
[2]https://www.w3.org/community/reports/credentials/CG-FINAL-di-ecdsa-2019-20220724/

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Sunday, 5 March 2023 23:04:29 UTC