At the moment, SCITT receipts with CCF tree algorithm rely on service and node certificates. This complicates matters, especially when looking at DID as service ids.
If possible, we want to end up in a place where:
- The service identity keys sign the receipt (tree root) directly
- Node certificates are not part of the receipt anymore
- Only a DID and key id is included in a receipt
- The DID document only publishes service identity keys, without the service certificates in "x5c"
- The key id changes from being a hash of the certificate to a hash of the public key only
This would require an extension to CCF to support signing the tree root directly instead of (or in addition to) having node keys do the signing.
(Follow-up from https://github.com/microsoft/scitt-ccf-ledger/issues/53)