-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One foundational key representation please #115
Comments
Thanks for this and the other two suggestions! I think with regard to this topic, the current spec is not so far from what you are proposing, insofar as it already defines The DID WG had several dedicated calls about key formats. Early on, the idea was that the specification would support JWK, plus formats that are common for a given key type (e.g. PEM for RSA, Base58 for Ed25519, Hex for sep256k1). Even though the specification doesn't mention properties such as Personally, I think we found a good balance in the spec, i.e. |
The issue was discussed in a meeting on 2021-08-31
View the transcript6. Next DID WG CharterSee github issue did-wg-charter#11, did-wg-charter#12, did-wg-charter#13.
Brent Zundel: the reason this is a longer topic is due to issues that have been raised that we should discuss Drummond Reed: folks are still encouraged to reply in the issue, especially with citations to our earlier discussions of those topics. Brent Zundel: Microsoft is recommending non-normative guidance on cross-compatibility between JSON and JSON-LD Joe Andrieu: There was a proposal to include Kyle Den Hartog: Brent Zundel: The question of what DID methods could reach consensus would be challenging Ted Thibodeau Jr.: Going through the exercise of determining which DID methods could become normative could be a work item for the W3C Credentials Community Group Drummond Reed: likes the idea of looking at the DID Rubric and taking an evolutionary path |
While we have proponents in the group that are arguing for one key format, there are also proponents (such as my company) where JWK does not meet a number of use cases and requires more complex processing than some of the more modern key formats (such as Ed25519). The group ended up standardizing two ways to express keys... the "broad/verbose" approach, which is expressing a JWK... and the "narrow/compact" approach, which is publicKeyMultibase. The first should fit use cases where key expression size and format (both storage size and algorithmic processing) is more complex. The second should fix use cases where key expression size and format is more compact and simpler -- there are legitimate use cases where this matters, such as compression of the signed message and public keys into QR Codes that need to be expressed using less than 250 bytes of data AND where the signature can be verified offline that the JWK key format is not capable of addressing. Our company would be a -1 to any proposal that attempts to remove features that we need for our customers, including one that attempts to remove |
If the argument is to support another, more compact format which supports multiple keys that was designed for simpler constrained environments, I would suggest looking at COSE as a base rather than multicodec. As COSE has been a published RFC for four years, it is far less challenging to normatively reference. Specifically around COSE - one can limit which parameters are defined in acceptable keys to the three above. One also can say it must be encoded deterministically, at which point an Ed25519 key would effectively have a fixed binary header on the (otherwise unencoded) binary X value. With respect to multibase, I don't understand the desire to use it. The textual encoding of binary data is just about always context-specific in standards. Variable encoding just increases the complexity of parsing and the chance of interoperability issues. E.g. In a JSON/JSON-LD DID document key format, you would typically mandate base64 because it is the most efficient encoding that is compatible with the text format it is embedded within. In a DID method specification which embeds binary data in the URI, you might instead choose to mandate one of the base58 schemes - trading off some encoding efficiency for OCR/human transcribability. But what benefit comes from overriding that base decision in the spec (e.g. my implementation doing base32 instead of the base58 recommendation)? I have a hard time understanding what benefits would override the interoperability consequences. |
Addressing this would be beyond the current scope of the draft charter. |
This was discussed during the #did meeting on 12 September 2024. |
This issue has been transferred from did-core since the key representations are talked about in this specification and did-core will build on top of this specification. |
This is part of the feedback from Microsoft's ballot response to the DID Core spec transition to REC AC review. As it pertains to future work on that spec, @iherman encouraged me to file it here for consideration in the charter process (as applicable). See also w3c/did-imp-guide#42, w3c/did-wg-charter#13.
Microsoft believes that interoperability of the spec could be improved with a single foundational key representation. We would prefer implementers use JSON Web Key for representing cryptographic keys. We believe JSON Web Key would be a great
baseline of support that could be extended with additional formats. Any additional formats included in the spec text should include the appropriate usage context. See related section of the DID-Core spec, Section 5.2.1.
The text was updated successfully, but these errors were encountered: