Hi Stephen, Hi Achim, thanks for your comments. > I think, what is more in question is the comparison > of the new certficate type with the two currently used ones (x509 and > Raw Public Key). Reading your link, my first impression is, that this > is pretty similar to x509 but in json. So talking about "only option" > seems to be a little over done.
In our opinion, the difference between VC and X.509 is not just a matter of format. In SSI, the identity consists of the key pair, the DID, and the VC. The first two components are under the control of the endpoint, so it can (i) update/rotate its key pair without having to update the VC, and (ii) immediately revoke its DID on the ledger if the keys are compromised. > The "privacy problem" may disappear, if the DLT is > part of that "IoT deployment" and is not considered > as an external component. Anyway, it's the proposal > of others, so it's also their mission to argument > and convince others. In general, DLTs allow participants to deploy and run their own node and synchronize it with the public net. The node becomes the gateway to the distributed ledger, and it can be configured to only serve requests (i.e. DID resolution) that come from the IoT system. This option eliminates the need for the TLS endpoint in the IoT system to interact with a third-party public node and avoids the associated privacy issues. Best Regards Andrea _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
