Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add OpenPgpSignature2019 as a JSON-LD Signature Suite #71
New Work Item Proposal
OpenPgpSignature2019 is a JSON-LD Signature Suite that uses OpenPGP for signing and verifying, and is otherwise like RsaSignature2017 and others, I've done my best to get it as close to the other references as possible.
GPG/PGP/OpenPGP have support in many existing software systems, such as Github, are familiar to many users, and offer a unique opportunity to bridge older more established privacy technologies with new emerging standards like the DID spec, so long as the integration with JSON-LD Signatures can be formalized.
I'm seeking collaborators for reviewing the implementation, completing the signature suite spec, cross linking to relevant specs, and any comments or suggestions.
I'm also happy contribute the codebase to the DIF or elsewhere if that is recommended, its my hope that this JS implementation might be followed by other languages, and having a well formed spec is key to supporting that.
I'm a member of the DIF and this working group, but not this github org.
@kimdhamilton I am Cofounder / CTO at Transmute, sorry should probably have mentioned that. We're members of the DIF and the W3C. Our work with DID and Verifiable Credentials, has motivated us to expand support for larger key types in ethr-did uport-project/ethr-did#30, and we believe that support for PGP might be an attractive target for DID interoperability, assuming we can define the signature suite in sufficient detail. We also work on https://github.com/decentralized-identity/element and https://github.com/decentralized-identity/github-did.
In working with JSON-LD signature suites, particularly ones which support secp256k1, I've been frustrated by implementation differences that can cause incompatibility across implementations for the same suite, for example: jolocom/jolocom-lib#261
My hope is to ensure that if there is a suite approved for OpenPGP it does not suffer similar challenges.
It's possible Manu will sign up with you, but this other person needs to be identified before the work item can be proposed.
Afterward, the chairs will announce a review period to gather feedback from the community. If this sounds like overkill for what you intended, the informal work item review process is much more lax, and we can go ahead and proceed. (The only concrete difference to you at the moment would be where the repo is hosted.)
ccing @msporny in case he has more context/desires on this.
@kimdhamilton Thanks, so far I've not found another editor, I've made the announcement and asked around in a couple of channels. While I wait to hear back, is there any reason not to start informal and transition once I can find another editor / move the spec further along by myself?
Thanks for the effort on this.
From today's CCG call: