- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 13 May 2021 09:31:27 -0400
- To: "Peter F. Patel-Schneider" <pfpschneider@gmail.com>, Ivan Herman <ivan@w3.org>
- Cc: semantic-web <semantic-web@w3.org>
On 5/13/21 7:32 AM, Peter F. Patel-Schneider wrote: > I strongly suggest that you get a computer security expert to look through > the current version of the documents mentioned in the charter. At this > point I think this review should be required even if the charter is revised > to no longer point to these documents. As an Editor of the proposed input documents, I'll be the first to admit that they could be in much better shape. Yes, the documents are trailing the implementations and need quite a bit of editorial clean up to be improved. That said, the most important aspects of these documents have undergone multiple reviews over the past several years by trained mathematicians analysing the formal proofs as well as security and cryptography engineers, as stated in the explainer: https://w3c.github.io/lds-wg-charter/explainer.html#generalProblem These specifications have implementations (starting as of 8+ years ago) and have been through multiple interoperability plugfests. Multiple vendors that have done implementations are also undergoing analysis via SRI, NIST, DHS, and other US and European Federal Government agencies (so far, so good). To be clear, we're not done and the more eyes the better. However, none of us should be under the impression that these technologies haven't had some level of security expert review. There is no expectation that input documents are frozen in time and can't be improved once the WG is under way... -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Thursday, 13 May 2021 13:31:48 UTC