Samuel Smith 

Phil Feairheller 

Lance Byrd 

Kevin Dean 

Rodolfo Miranda 

Neil Thomson 


Agenda

  • Announcements
  • Reports: Implementation of ACDCs
    • vLEI
    • ViRA (verifiable iXBRL Report Attestation)
    • GS1 looking to implement in 2023
    • HCF was older implementation but more work in future
  • Items
    • TLS with ACDCs
      • Support for over-the-wire encryption for CESR is coming soon
        • We need to add support for variable-length codes for encrypted primitives
        • Bare metal encrypted protocol for gossip protocol, over UDP for example
        • Once we have codes for variable length encrypted primitives, they can be embedded in ACDCs or DIDComm messages
      • DIDComm or TLS are options to use right now.
        • With CESR we could have a scalable UDP streaming protocol
      • Scalability and performance are the main reasons to use something other than DIDComm or TLS 
      • Authenticity, confidentiality and privacy are the three trade offs of the CAP theorem 
      • Encrypted at motion vs encrypted at rest
        • DIDComm and TLS solve the encrypted channel (at motion) problem. But once the data is received, the encryption is thrown away.
        • With TLS alone and passwords you are vulnerable to attacks that can steal your password
        • With KERI over TLS, a TLS attack can cause a loss of confidentiality, because the attacker can see the content, but not a loss of any secrets, because there are no shared secrets with KERI
          • Good tradeoff to use KERI over TLS now.  
        • In January we'll have codes for symmetric and asymmetric encrypted primitives.
      • How about OIDC4VC & OIDC4VP?
        • you can't have zero-trust with identity providers
        • identity providers can become super aggregators
        • Neil: The main use for VCs for OIDC is for Enterprise environments - not general internet
        • Many websites are converting from passwords to passkeys, which will allow them to bypass OpenID
      • What happened to DIDComm v3
        • Daniel Hardman will be starting that work in January to define v3, heavily KERI influenced.  Tentatively for January 9th 9pm CET
        • Stripped down to what DIDComm does best
        • Daniel: There is a DIDComm gossip protocol
        • Lance:  Should agents that have implemented DIDComm v1 transition to DIDComm v2 or wait for v3?
          • Daniel: Go ahead and move to v2 because that will get you closer to v3.
    • GLEIF well-known root-of-trust