Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

One foundational key representation please #115

Open
travisleithead opened this issue Aug 26, 2021 · 8 comments
Open

One foundational key representation please #115

travisleithead opened this issue Aug 26, 2021 · 8 comments
Assignees
Labels
editorial This item is editorial in nature. pr exists A Pull Request exists to address this issue.

Comments

@travisleithead
Copy link
Member

travisleithead commented Aug 26, 2021

This is part of the feedback from Microsoft's ballot response to the DID Core spec transition to REC AC review. As it pertains to future work on that spec, @iherman encouraged me to file it here for consideration in the charter process (as applicable). See also w3c/did-imp-guide#42, w3c/did-wg-charter#13.

Microsoft believes that interoperability of the spec could be improved with a single foundational key representation. We would prefer implementers use JSON Web Key for representing cryptographic keys. We believe JSON Web Key would be a great
baseline of support that could be extended with additional formats. Any additional formats included in the spec text should include the appropriate usage context. See related section of the DID-Core spec, Section 5.2.1.

@peacekeeper
Copy link
Contributor

Thanks for this and the other two suggestions! I think with regard to this topic, the current spec is not so far from what you are proposing, insofar as it already defines publicKeyJwk as one of two properties for verification method formats.

The DID WG had several dedicated calls about key formats. Early on, the idea was that the specification would support JWK, plus formats that are common for a given key type (e.g. PEM for RSA, Base58 for Ed25519, Hex for sep256k1). Even though the specification doesn't mention properties such as publicKeyHex or publicKeyBase58 anymore, they are still quite common in various DID method implementations.

Personally, I think we found a good balance in the spec, i.e. publicKeyJwk and publicKeyMultibase are defined, and others can be used as extensions. But your proposal of having a single foundational key representation would definitely also have advantages.

@iherman
Copy link
Member

iherman commented Sep 5, 2021

The issue was discussed in a meeting on 2021-08-31

  • no resolutions were taken
View the transcript

6. Next DID WG Charter

See github issue did-wg-charter#11, did-wg-charter#12, did-wg-charter#13.

Brent Zundel: https://github.com/w3c/did-wg-charter/issues

Brent Zundel: the reason this is a longer topic is due to issues that have been raised that we should discuss
… the goal is to go through them briefly, then I encourage WG members to respond in the issues
… the first issue is "one foundational key representation please" from Microsoft.
… this has received extensive discussion in the WG already

Drummond Reed: folks are still encouraged to reply in the issue, especially with citations to our earlier discussions of those topics.

Brent Zundel: Microsoft is recommending non-normative guidance on cross-compatibility between JSON and JSON-LD
… this sort of non-normative guidance would, in Brent's opinion, be in scope under the new charter
… but would also retrod well-trodden ground
… Microsoft would also like the WG to take the challenge to define a universal, mandatory-to-implement DID method
… this would take the WG out of maintenance mode

Joe Andrieu: There was a proposal to include did:web and did:key in the charter, but that was not done in order to keep it a maintenance WG
… so this could be a chance to do that

Kyle Den Hartog: did:key could work, but worried that did:web would derail the conversation
… and not sure what would be the third

Brent Zundel: The question of what DID methods could reach consensus would be challenging
did:peer might also be a candidate that could reach consensus

Ted Thibodeau Jr.: Going through the exercise of determining which DID methods could become normative could be a work item for the W3C Credentials Community Group
… but the DID Rubric might be a better tool for evaluating this

Drummond Reed: likes the idea of looking at the DID Rubric and taking an evolutionary path

@msporny
Copy link
Member

msporny commented Oct 25, 2021

In general, the topic of JSON Web Keys and cross-format compatibility guidance was a topic of regular debate in the Working Group and the result of that debate was the current contents of the DID Core specification. If further language is desired, it is suggested that those wanting that language to exist in the specification submit a PR that can be reviewed and further debated by the Working Group.

While we have proponents in the group that are arguing for one key format, there are also proponents (such as my company) where JWK does not meet a number of use cases and requires more complex processing than some of the more modern key formats (such as Ed25519). The group ended up standardizing two ways to express keys... the "broad/verbose" approach, which is expressing a JWK... and the "narrow/compact" approach, which is publicKeyMultibase. The first should fit use cases where key expression size and format (both storage size and algorithmic processing) is more complex. The second should fix use cases where key expression size and format is more compact and simpler -- there are legitimate use cases where this matters, such as compression of the signed message and public keys into QR Codes that need to be expressed using less than 250 bytes of data AND where the signature can be verified offline that the JWK key format is not capable of addressing.

Our company would be a -1 to any proposal that attempts to remove features that we need for our customers, including one that attempts to remove publicKeyMultibase from the specification and Linked Data Integrity in general.

@dwaite
Copy link

dwaite commented Nov 19, 2021

While we have proponents in the group that are arguing for one key format, there are also proponents (such as my company) where JWK does not meet a number of use cases and requires more complex processing than some of the more modern key formats (such as Ed25519).

  1. A minimal Ed25519 key in JWK is an Object with a fixed type descriptor, a fixed format descriptor, and the X value.
  2. If you want it in COSE key format, it is a Map with a fixed type descriptor, a fixed format descriptor, and the X value.
  3. A multibase multicodec key is going to be a type descriptor, and the X value. There is also an additional encoding format parameter from multibase, which may be variable in publicKeyMultibase

If the argument is to support another, more compact format which supports multiple keys that was designed for simpler constrained environments, I would suggest looking at COSE as a base rather than multicodec. As COSE has been a published RFC for four years, it is far less challenging to normatively reference.

Specifically around COSE - one can limit which parameters are defined in acceptable keys to the three above. One also can say it must be encoded deterministically, at which point an Ed25519 key would effectively have a fixed binary header on the (otherwise unencoded) binary X value.

With respect to multibase, I don't understand the desire to use it. The textual encoding of binary data is just about always context-specific in standards. Variable encoding just increases the complexity of parsing and the chance of interoperability issues.

E.g. In a JSON/JSON-LD DID document key format, you would typically mandate base64 because it is the most efficient encoding that is compatible with the text format it is embedded within. In a DID method specification which embeds binary data in the URI, you might instead choose to mandate one of the base58 schemes - trading off some encoding efficiency for OCR/human transcribability.

But what benefit comes from overriding that base decision in the spec (e.g. my implementation doing base32 instead of the base58 recommendation)? I have a hard time understanding what benefits would override the interoperability consequences.

@brentzundel
Copy link
Member

Addressing this would be beyond the current scope of the draft charter.
Defining this would be something a future DID WG could address, and it pertains to the core data model. I am going to transfer this issue to that repository.

@brentzundel brentzundel transferred this issue from w3c/did-wg-charter Oct 19, 2022
@msporny msporny added the ready for pr This issue is ready to have a pull request created for it. label Sep 12, 2024
@pchampin
Copy link

pchampin commented Sep 12, 2024

This was discussed during the #did meeting on 12 September 2024.

@msporny msporny transferred this issue from w3c/did-core Oct 30, 2024
@msporny msporny added the editorial This item is editorial in nature. label Oct 30, 2024
@msporny msporny self-assigned this Oct 30, 2024
@msporny
Copy link
Member

msporny commented Oct 30, 2024

This issue has been transferred from did-core since the key representations are talked about in this specification and did-core will build on top of this specification.

@msporny msporny added the during CR This issue will be addressed during Candidate Recommendation label Oct 30, 2024
@msporny
Copy link
Member

msporny commented Nov 16, 2024

PR #120 has been raised to address this issue. This issue will be closed once PR #120 has been merged.

@msporny msporny added pr exists A Pull Request exists to address this issue. and removed ready for pr This issue is ready to have a pull request created for it. during CR This issue will be addressed during Candidate Recommendation labels Nov 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
editorial This item is editorial in nature. pr exists A Pull Request exists to address this issue.
Projects
None yet
Development

No branches or pull requests

7 participants