Use digestMultibase with base64-url-nopad encoding for integrity. #1490
Conversation
msporny
requested review from
davidlehn,
dlongley,
jandrieu,
longpd,
iherman,
dmitrizagidulin,
TallTed,
David-Chadwick,
brianorwhatever,
decentralgabe,
selfissued,
KDean-Dolphin and
brentzundel
|
I don't see where sha2 or sha3 is specified. Am I missing it somewhere? |
It's specified in the reference to the Data Integrity spec in this section: https://pr-preview.s3.amazonaws.com/w3c/vc-data-model/pull/1490.html#integrity-of-related-resources Which refs this section: https://www.w3.org/TR/vc-data-integrity/#resource-integrity Which refs this section: https://www.w3.org/TR/vc-data-integrity/#multihash which defines SHA-2 and SHA-3 usage via Multihash header values. I admit that it's a fairly twisty path to get there, but the normative refs do exist. |
|
Some comments on things that should also be done (eventually) if the PR is accepted (possibly as part of this PR):
I also wonder whether the definition of the |
See also my remark in #1490 (comment): this dependency on the DI spec may not be what we want. Also, and to refer to @brianorwhatever's question: I think adding a non-normative reference (e.g., as part of a note) to the SHA algorithms in the VCDM would be helpful, IMHO. For a general reader, going down this "twisty path" should be avoided, IMHO. |
|
@iherman wrote:
We definitely DID NOT agree to that. :) We agreed to the opposite, which is why this normative "RECOMMENDED" text exists in the VCDM around securing mechanisms: https://w3c.github.io/vc-data-model/#securing-mechanisms VCDM has a normative dependency on VC-JOSE-COSE and VC-DATA-INTEGRITY, on purpose, because we wanted to RECOMMEND at least the securing mechanisms that the group was normatively defining. The group felt that if we didn't do that, there was no normative way to actually make the credential "verifiable". We did not do this for the v1.0 and v1.1 work and did not want to continue making the mistake of not normatively defining how to secure a VC. That ship sailed last year some time. There seem to be a few people in the WG that keep forgetting this, so I wanted to make sure to remind everyone of where we got to well BEFORE we went into CR. |
I stand corrected :-) Nevertheless: the controller document already has items on Multihash and Multibase (and the datatype for the latter), I still think that it would be a more natural place for the definition of |
|
mesur can't yet support this PR, as our implementation uses digestSRI, but I have started a conversation internally to discuss switching. |
msporny
added
normative
|
The issue was discussed in a meeting on 2024-05-29
View the transcript4.2. Use digestMultibase with base64-url-nopad encoding for integrity. (pr vc-data-model#1490)See github pull request vc-data-model#1490. Manu Sporny: the other one is the question around digest values.
Manu Sporny: A. use digestSRI. Brent Zundel: (representing measur.io, not as a chair) I believe the
Manu Sporny: it would be good to get feedback on the PR. Brent Zundel: thank you, manu. |
To be clear, Mesur has a customer that is insisting that SRI be used? Or is their requirement that a digest value be available to be checked?
Thanks for checking with your team, @brentzundel. Would mesur.io, or anyone else reviewing this PR, object to any of the alternatives below?
Are there other options that could gain broader consensus that Mesur can propose? |
|
I'm not opposed to either of the options you've outlined @msporny |
IMHO, Multibase, Multihash, Multikey, and For political reasons, they now exist in the Controller Document because some of the proponents of the Controller Document do not, under any circumstance, want to refer to the Data Integrity specification (even though they are already doing that in VCDM v2). Multihash isn't used at all in the Controller Document. Multibase is used to encode Multikeys, which are defined in the Controller Document (but are probably better defined in Data Integrity). Again, a definition of Multibase in Data Integrity with a reference from the Controller Document to Data Integrity would be better. We have what we have now, and I don't think any of the proponents of Data Integrity will have an issue with normatively referring to the Controller Document spec for whatever they need, but I wanted to highlight that the current structure is subpar from a technical/references perspective. |
I would vote for (1). The integrity of an external resource is not an issue of the securing mechanism, but the credential itself. I do not see any reason for binding the approach to that mechanism. The question that I raised in #1490 (comment) would still be valid, though. If we have both |
I know :-). It is as it is now, and we should make it as clean as possible. That is my only motivation... |
|
@iherman wrote:
While we're dancing on the head of a pin :), Data Integrity is not purely a securing mechanism. It is a collection of technologies, that includes a securing mechanism, that helps one secure graphs of information. The "data integrity" security happens at a lower level than the credential (though the credential might tie multiple proofs together, which is what
... and so on. You can, via the use of Additionally, the
Well, we're going to do something that is not as clean as possible, and is some hacky-thing that no one will object to (hopefully)... :) ... but, I get what you're saying, which I think is:
We could alternative define Any thoughts on where we define |
|
fwiw, I have a slight preference for defining them in VCDM |
Yes.
Yes.
Yes. Both are possible, and I do not have strong feeling about this either way. The only point is that they should be at the same place, i.e.,
is what I would not want. After all, all the usages of
As I said, I do not have a preference either way. I see that @brentzundel has a (slight) preference for VCDM, and that is o.k. with me. |
|
@iherman wrote:
No, that's not correct. :)
Following @brentzundel and @iherman's slight preferences, I'll go ahead and raise another PR to add |
msporny
force-pushed
the
msporny-digestMultihash
branch
from
1e680d2
to
0014b6d
Compare
|
The issue was discussed in a meeting on 2024-06-05
View the transcript5.2. Use digestMultibase with base64-url-nopad encoding for integrity. (pr vc-data-model#1490)See github pull request vc-data-model#1490. Manu Sporny: other thing we need to decide on is what digest formats we will support for related resource formats. See github pull request vc-data-model#1492. Manu Sporny: have not heard if anyone would formally object to supporting both, is in PR 1492. Brent Zundel: the two options that are before the group that have a chance of avoiding formal objection are.
Brent Zundel: not hearing or seeing anyone object to the option to include both. Manu Sporny: thank you, we will merge 1492, supporting both formats, to give more data to the group. I had to implement this this past weekend and it took 30min. Ted Thibodeau Jr.: which digest form were you adding? Manu Sporny: both, added support for every variation of both digest formats. Brent Zundel: additional PRs we should look at? Manu Sporny: yes, next set, 6 of these to remove at risk issue markers (confidenceMethod, renderMethod, refreshService, terms of use). |
|
This PR has been superseded by PR #1492, which has been merged, closing. |
This PR is an attempt to address issue #1489 by choosing a specific digest mechanism (Multihash locked to SHA2 and SHA3) with a specific base encoding format (Multibase locked to base64-url-nopad). IOW, the WG could not come to consensus on Option C, the current spec implements Option A (which does not have consensus), and this PR implements Option B.
Preview | Diff