Closed dwight-holman closed 2 years ago
Related to this, there's an extension DID resolution option called "transformKeys", which you can use to instruct a resolver to convert between key formats. E.g. if a DID method uses EcdsaSecp256k1VerificationKey2019 in its DID documents, then a resolver can convert that to JsonWebKey2020.
See here: https://github.com/decentralized-identity/did-spec-extensions/blob/main/parameters/transform-keys.md
@peacekeeper: I saw that, and I can't tell if it's been implemented anywhere, or just described. "transformKeys" as a string doesn't appear anywhere in decentralized-identity outside of documentation.
Do you know if anyone has a resolver which actually does that? It seems like it would be very expensive to implement as described.
I think we should also limit the DID Document's Verification Method types to JsonWebKey2020 or EcdsaSecp256k1VerificationKey2019, using the publicKeyJwk field instead of publicKeyMultibase or a deprecated field.
I would be in favor of a simpler solution of limiting Verification Method types as proposed above.
I'm also in favor of this for compatibility.
@dwight-holman to make PR as proposal to discuss in next meeting
If key types are bound to DID methods rather than signature suites, I think we can address the issue of limiting to JWK, and not mandating multibase (anyone can still implement it outside this profile), in a way other than mentioning concrete sig suites? I.e., just clarify that JWK is used with the DID methods currently chosen in the spec.
We have some language limiting the key formats to secp256k1 and ed25519, but nothing about a consistent key format in the DID Documents.
I think we should also limit the DID Document's Verification Method types to JsonWebKey2020 or EcdsaSecp256k1VerificationKey2019, using the publicKeyJwk field instead of publicKeyMultibase or a deprecated field.
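One way to enforce the restriction proposed in this thread when consuming a resolved DID document, as an added example that is not code from the thread or the spec: it rejects verification methods outside the two named types, requires publicKeyJwk, limits curves to secp256k1 and Ed25519, and flags private key material. The relationship names, the `publicKeyBase58`/`publicKeyHex` field names treated as alternative or deprecated, and the sample document are assumptions made for the example.

```python
# Added example: profile check for DID document verification methods.
ALLOWED_TYPES = {"JsonWebKey2020", "EcdsaSecp256k1VerificationKey2019"}
ALLOWED_CURVES = {"secp256k1": "EC", "Ed25519": "OKP"}  # crv -> required kty
OTHER_KEY_FIELDS = ("publicKeyMultibase", "publicKeyBase58", "publicKeyHex")  # assumed list
RELATIONSHIPS = ("authentication", "assertionMethod", "keyAgreement",
                 "capabilityInvocation", "capabilityDelegation")

def iter_methods(doc):
    """Yield top-level verification methods and ones embedded in relationships."""
    for key in ("verificationMethod",) + RELATIONSHIPS:
        for entry in doc.get(key, []):
            if isinstance(entry, dict):  # plain strings are references by id
                yield entry

def check_profile(doc):
    """Return a list of (method id, problem) pairs; empty means compliant."""
    problems = []
    for vm in iter_methods(doc):
        vm_id, vm_type = vm.get("id", "<no id>"), vm.get("type")
        if not isinstance(vm_type, str) or vm_type not in ALLOWED_TYPES:
            problems.append((vm_id, f"type {vm_type!r} not allowed"))
        for field in OTHER_KEY_FIELDS:
            if field in vm:
                problems.append((vm_id, f"{field} present"))
        jwk = vm.get("publicKeyJwk")
        if not isinstance(jwk, dict):
            problems.append((vm_id, "publicKeyJwk missing"))
            continue
        crv = jwk.get("crv")
        expected_kty = ALLOWED_CURVES.get(crv) if isinstance(crv, str) else None
        if expected_kty is None or jwk.get("kty") != expected_kty:
            problems.append((vm_id, f"kty/crv {jwk.get('kty')!r}/{crv!r} not allowed"))
        if vm_type == "EcdsaSecp256k1VerificationKey2019" and crv != "secp256k1":
            problems.append((vm_id, "secp256k1 type with another curve"))
        if "d" in jwk:  # "d" is the private key member of EC and OKP JWKs
            problems.append((vm_id, "private key material in publicKeyJwk"))
    return problems

# Constructed sample document (key values are placeholders, not real keys).
SAMPLE = {"id": "did:example:123", "verificationMethod": [
    {"id": "#k1", "type": "JsonWebKey2020", "publicKeyJwk":
        {"kty": "EC", "crv": "secp256k1", "x": "x-placeholder", "y": "y-placeholder"}},
    {"id": "#k2", "type": "Ed25519VerificationKey2020",
     "publicKeyMultibase": "z-placeholder"}],
    "authentication": ["#k1", {"id": "#k3", "type": "JsonWebKey2020",
        "publicKeyJwk": {"kty": "OKP", "crv": "P-256", "x": "x-placeholder"}}]}
```

Running `check_profile` on a document before trusting its keys gives a verifier one key format to parse and makes unexpected types fail closed instead of falling through to a less-tested code path.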