w3c / vc-data-integrity

W3C Data Integrity Specification
https://w3c.github.io/vc-data-integrity/
Other
42 stars 19 forks source link

[ECDSA] Highlight security/privacy trade-offs between RDF-CANON and JCS #194

Closed msporny closed 1 year ago

msporny commented 1 year ago

From the PING's review (https://github.com/w3cping/privacy-request/issues/120):

The spec should highlight the security tradeoffs that occur between section 3.1 and section 3.2 or select one to avoid encountering issue 1 highlighted in the https://github.com/w3cping/privacy-request/issues/121#issuecomment-1638908803 . The security of section 3.1 relies upon https://www.w3.org/TR/rdf-canon/ which is light on the security and privacy sections as well. It appears it's undergoing a review at the moment as well with https://github.com/w3cping/privacy-request/issues/118

/cc @kdenhartog

msporny commented 1 year ago

Moving this to vc-data-integrity as duplicating content here and in eddsa cryptosuite doesn't make sense.

msporny commented 1 year ago

PR #199 has been raised to address this issue. This issue will be closed once PR #199 has been merged.

msporny commented 1 year ago

PR #199 has been merged, closing.