Open lovesh opened 4 years ago
I suggest we create security-v3-unstable note that its unstable, and add this, and a lot of other stuff there. @msporny @dlongley thoughts?
Wanted to check if this is under consideration to get added?
Wanted to check if this is under consideration to get added?
The W3C VC2WG is getting ready to spin up soon to tackle these sorts of questions. The short answer is that, yes, we can support Sr25519 signatures in the new work... there is a big design refactor (that's backwards compatible) that's going to be performed, so your keys and signatures might end up looking like this:
{
"@context": ["https://w3id.org/security/multikey/v1"],
"id": "did:example:123456789abcdefghi#keys-1",
"type": "MulticodecVerificationKey",
"controller": "did:example:123456789abcdefghi",
"publicKeyMultibase" : "zsJV1eTDACogBS8FMj5vXSa51g1...m1kweTABZZNRSc"
}
and your signatures might end up looking like this:
{
"@context": ["https://w3id.org/security/data-integrity/v1"],
"type": "DataIntegritySignature",
"cryptosuite": "eddsa-sr-2022",
"created": "2021-11-29T20:35:38Z",
"verificationMethod": "did:example:123456789abcdefghi#keys-1",
"proofPurpose": "assertionMethod",
"proofValue": "z2rb7doJxczUFBTdV5F5pehtbUXPDUgKVugZZ99jniVXCUpojJ9PqLYV
evMeB1gCyJ4HqpnTyQwaoRPWaD3afEZboXCBTdV5F5pehtbUXPDUgKVugUpoj"
}
You can read more about the cryptosuites under consideration for the VC2WG work here:
https://w3c.github.io/vc-wg-charter/#deliverables
All that to say, you won't need to request that any new vocabulary terms are added to the security vocabulary. There will be ONE cryptosuite you'll have to register (something to the effect of eddsa-sr-2022
) with the cryptosuite registry... but that's it. Hope that helps.
We want to propose supporting Sr25519 in the security context, i.e. https://w3id.org/security/v2. We propose adding
Sr25519Signature2020
andSr25519VerificationKey2020
in the@context
.Would this be a new version like security/v3 or can the existing v2 be updated by updating
@version
? Would like to understand the process of getting this approved, is updating (or creating new) context and updating the index.html sufficient?Sr25519 is Schnorr signature using the Ristretto compression of curve25519. It has a Rust implementation called Schnorrkel that compiles to WASM and thus usable in JS applications (from polkadot-js). Relevant links