Re: Chartering work has started for a Linked Data Signature Working Group @W3C from Manu Sporny on 2021-05-25 (semantic-web@w3.org from May 2021)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 25 May 2021 09:29:19 -0400
To: semantic-web@w3.org
Message-ID: <5b74276c-f851-9b11-1b63-827ddf84879d@digitalbazaar.com>

PFPS wrote:
> A big problem, in my view, is the impression being given that all the 
> problems have been solved.  And not just solved but examined, signed off, 
> and implemented.

Let's put this false impression to rest, then. No one is saying we are 100%
sure that the problem has been solved and that there are no issues or errors
anywhere. Case in point: the LDP document lists a number of issues that need
further discussion in a WG setting.

What is being stated is:

1. There has been peer-reviewed vetting of the algorithms
   being submitted as input to the LDS WG and there are no
   known fatal issues (these are the mathematical proofs,
   input documents, input implementations, and test
   suite).

2. What exactly you would consider an appropriate "sign
   off" is unknown, there have been papers published and
   vetted and implemented with a test suite with all known
   attack strategies and multiple implementations
   passing... does that qualify as sign-off? I expect we'd
   also want to convene a WG and get the WG to sign off
   as well.

3. It is clear that things have been implemented... I've
   pointed to those implementations previously... people
   are using those implementations in their products
   today.

... but none of that should give you (or anyone else here) the impression that
we're done. The reason we want to convene a LDS WG is to put all of this
through it's paces... we've done as much as can be reasonably expected outside
of an official WG... no one is saying "we're completely done", "there are no
problems", "we are 100% sure of the solution", or anything approaching those
statements. We want an LDS WG because we want to be able to come closer to
saying we're confident in the set of solutions under a set of circumstances
with a set of known security and privacy concerns. That's the closest we'll
ever get to being sure... security isn't about being 100% sure of everything,
it's about expected inputs under known conditions and probabilities of a
certain security layer not failing under that scenario.

To reiterate the above:

No one is saying "all the problems have been solved".

What we are saying is that "We believe the input documents have received
enough vetting to be used as input into a LDS WG that will then do further
vetting to raise the probability that the solution isn't broken under known
inputs and conditions."

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Tuesday, 25 May 2021 13:29:36 UTC