- From: Tobias Looker <tobias.looker@mattr.global>
- Date: Fri, 15 Sep 2023 04:22:06 +0000
- To: "public-vc-wg@w3.org" <public-vc-wg@w3.org>
- CC: Paul Bastian <paul.bastian@posteo.de>, Orie Steele <orie@transmute.industries>, Manu Sporny <msporny@digitalbazaar.com>
- Message-ID: <ME4P282MB127244495DD3E3F92AD508089DF6A@ME4P282MB1272.AUSP282.PROD.OUTLOOK.COM>
> It would also be good to hear from @Tobias Looker<mailto:tobias.looker@mattr.global> on this topic. The majority of the work on BBS over the past couple of years has been at the cryptographic scheme definition level (e.g the CFRG draft), rather then working on how it integrates with data representation layer technologies like data integrity / linked data proofs, or the emerging JSON Web Proof (JWP). When it comes to representation layer technologies my personal opinion is that the JWP work occurring over at the IETF is much more promising approach which avoids many of the complexities of things like data canonicalization. Thanks, [MATTR website]<https://mattr.global/> Tobias Looker MATTR +64 273 780 461 tobias.looker@mattr.global<mailto:first.last@mattr.global> [MATTR website]<https://mattr.global/> [MATTR on LinkedIn]<https://www.linkedin.com/company/mattrglobal> [MATTR on Twitter]<https://twitter.com/mattrglobal> [MATTR on Github]<https://github.com/mattrglobal> This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it – please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. From: Orie Steele <orie@transmute.industries> Date: Friday, 15 September 2023 at 7:04 AM To: Manu Sporny <msporny@digitalbazaar.com> Cc: Paul Bastian <paul.bastian@posteo.de>, public-vc-wg@w3.org <public-vc-wg@w3.org> Subject: Re: [EXT] Re: LS from GSMA EIG to W3C EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Would the GSMA cryptographers be willing to help address the security issues associated with RDF DataSet Canonicalization, in the context of multimessage zero knowledge proofs built on top of application/n-quad based selective disclosure schemes with unlinkability? If they are eager to help address those concerns, and they see value in application/n-quads as the base informational unit for unlinkable credential data models, I think it makes sense for us to comment specifically on that in whatever the working group puts forward. I agree with Manu's comment about signature fingerprints, however I think it's important to acknowledge what is "possible theoretically, and assuming a lot of work that still has not been done and might not be done in the lifetime of the charter" vs "what the spec / draft allows today". The current BBS DataIntegrityProof spec does not enable unlinkability. That does not mean that BBS can't support it, but if people are signing up to support the work without understanding that it is still not delivering on its primary value proposition over ecdsa-sd or sd-jwt... That's a problem, and we should ensure the record is set straight before everyone gets disappointed, or the marketing hype of bbs washes away its maturity and current capabilities. I say this having seen that happen at least once before for BBS and for AnonCreds which offered a similar set of capabilities... It can hurt the mission of digital credentials a lot, when technical capabilities or performance are oversold. Let's be clear in the liason statement why GSMA is interested in RDF based selective disclosure... let's not phrase it as RDF based unlinkability and selective disclosure, until it can do those things. If GSMA wants to contribute RDF and crypto experts to help close this gap, let's get to work!... but it will require RDF expertise... not just crypto expertise. I hope this clarifies further my previous comments. OS On Thu, Sep 14, 2023 at 2:32 AM Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>> wrote: On Wed, Sep 13, 2023 at 6:35 PM Paul Bastian <paul.bastian@posteo.de<mailto:paul.bastian@posteo.de>> wrote: To give some perspective, you should follow this thread [1] at the eIDAS ARF. It seems GSMA suddenly woke up and realized they need to be part of it. I've given them seven reasons why BBS+ is currently not favored for the PID, but they seem not to understand. Hmm, my read on that thread is a bit different. There are a number of legitimate criticisms of SD-JWT as applied to the PID and a call for better technical solutions. I note that there are individuals from the IETF CFRG, not just GSMA (who have deep expertise in cryptography), that are criticising SD-JWT and calling for BBS+-based solutions. So I assume they are privacy advocates at any cost or they might have a hidden agenda. Presume good faith; getting an official liaison statement out of GSMA is not a trivial thing to do -- it almost certainly went through multiple approval processes so we can't just cast the request aside based on a presumption of a "hidden agenda". One could say that SD-JWT or ecdsa-sd's "hidden agenda" is tracking people using signature fingerprints -- which is not conducive to a productive discussion. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/ -- ORIE STEELE Chief Technology Officer www.transmute.industries [Image removed by sender.]<https://transmute.industries/>
Attachments
- image/png attachment: image001.png
- image/png attachment: image002.png
- image/png attachment: image003.png
- image/png attachment: image004.png
- image/png attachment: image005.png
Received on Friday, 15 September 2023 04:22:20 UTC