search

w3c / vc-di-ecdsa

Data Integrity specification for ECDSA using NIST-compliant curves
https://w3c.github.io/vc-di-ecdsa/
Other
9 stars 9 forks source link

Excelsior Pass divergence #3

Closed clehner closed 11 months ago

clehner commented 2 years ago

Should it be mentioned, e.g. as a security consideration, that proof type EcdsaSecp256r1Signature2019 is used by the NYS Excelsior Pass but not according to this specification? More info: https://github.com/spruceid/ssi/issues/330

msporny commented 1 year ago

I suggest that the spec should stay silent on EcdsaSecp256r1Signature2019 if it's no longer used and/or widely deployed. It looks like the Plus one uses something different?

Suggest that we close the issue w/ no change to the specification. Would that work for you @clehner?

martyr280 commented 11 months ago

@clehner any further comments here or can this be closed?

clehner commented 11 months ago

I think Excelsior Pass EcdsaSecp256r1Signature2019 all expired and are no longer accepted. This spec no longer uses that proof type anyway (since b10095065d1acca58c08f0caf3aa5625860afd52). Excelsior Pass Plus is SMART Health Card (ref: https://github.com/mponton/vaxcheck/issues/2#issuecomment-922511555, https://github.com/fproulx/shc-covid19-decoder/pull/6#issuecomment-903433322)