Add sections on security/privacy and c14n method selection. #199
Conversation
msporny
requested review from
dlongley,
iherman,
Wind4Greg,
TallTed,
brentzundel,
Sakurann and
seabass-labrax
| </p> | ||
| <p> | ||
| If an application utilizes JSON-LD or might require the selective disclosure | ||
| of information in a secured document, then using a cryptography suite that |
There was a problem hiding this comment.
This is probably my missing domain knowledge, but I do not understand the second half of the sentence ("or might require..."). Can you explain?
There was a problem hiding this comment.
Yeah something grammatically doesn't seem correct here and I'm not picking up on what this is trying to say. Would be good to rephrase it I'm thinking.
There was a problem hiding this comment.
Hmm, it made sense to me. It reads as: "If an application ... might require selective disclosure of information in a secured document" .
There was a problem hiding this comment.
Ahh on re-reading this I figured out what was confusing for me. It would make sense if it's an AND because data-integrity is going to utilize JSON-LD and with SD then RDF-canon makes sense. If people just want SD without semantic security it's probably simpler to just point them to JWT-SD. Would we really want to point people at data integrity suites if they don't care about JSON-LD and want selective disclosure? Seems like forcing them to take on RDF-Canon if they only want SD without caring about the semantics is a bit more complex than necessary.
There was a problem hiding this comment.
@kdenhartog I've added some language to point people to securing mechanisms that don't do canonicalization in this commit: 464ac07
There was a problem hiding this comment.
@iherman and @kdenhartog I addressed the "and/or" issue via this commit: c3ffc66
| </p> | ||
| <p> | ||
| If an application utilizes JSON-LD or might require the selective disclosure | ||
| of information in a secured document, then using a cryptography suite that |
There was a problem hiding this comment.
Hmm, it made sense to me. It reads as: "If an application ... might require selective disclosure of information in a secured document" .
Co-authored-by: Dave Longley <[email protected]> Co-authored-by: Ted Thibodeau Jr <[email protected]>
|
Editorial, multiple reviews, changes requested and made, no objections, merging. |
This PR attempts to address issue #194 and #195 by adding guidance on selecting canonicalization mechanisms, from a security and privacy perspective, as requested by the horizontal reviews performed on the vc-data-integrity specification.
/cc @kdenhartog
Preview | Diff