Hi Stephen, Hi Achim, thanks for your comments. 

>  I think, what is more in question is the comparison
> of the new certificate type with the two currently used ones (x509 and
> Raw Public Key). Reading your link, my first impression is, that this
> is pretty similar to x509 but in json. So talking about "only option"
> seems to be a little over done.

In our opinion, the difference between VC and X.509 is not just a matter of 
format. In SSI, the identity consists of the key pair, the DID, and the VC. The 
first two components are under the control of the endpoint, so it can (i) 
update/rotate its key pair without having to update the VC, and (ii) 
immediately revoke its DID on the ledger if the keys are compromised. 

> The "privacy problem" may disappear, if the DLT is
> part of that "IoT deployment" and is not considered
> as an external component. Anyway, it's the proposal
> of others, so it's also their mission to argue
> and convince others.

In general, DLTs allow participants to deploy and run their own node and 
synchronize it with the public net. The node becomes the gateway to the 
distributed ledger, and it can be configured to only serve requests (i.e. DID 
resolution) that come from the IoT system. This option eliminates the need for 
the TLS endpoint in the IoT system to interact with a third-party public node 
and avoids the associated privacy issues.

Best Regards
Andrea
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
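Added example, not code from the thread or from any SSI project: a small Python model of the two properties Andrea's message claims for the key pair / DID / VC split. It assumes a constructed in-memory ledger in place of a DLT node and uses HMAC as a stand-in for real digital signatures; the VC binds claims to the DID, so a key rotation leaves the VC valid while revoking the DID makes the same VC unusable.

```python
import hashlib, hmac, json

LEDGER = {}  # constructed in-memory stand-in for the ledger: DID -> {key, revoked}

def register_did(did, key):
    LEDGER[did] = {"key": key, "revoked": False}

def rotate_key(did, new_key):  # endpoint updates its own DID document; VC untouched
    LEDGER[did]["key"] = new_key

def revoke_did(did):  # endpoint marks its DID revoked after a key compromise
    LEDGER[did]["revoked"] = True

def resolve(did):  # DID resolution: current key, or None once revoked
    doc = LEDGER.get(did)
    return None if doc is None or doc["revoked"] else doc["key"]

def sign(key, payload):  # HMAC stands in for a digital signature (assumption)
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_vc(issuer_key, subject_did, claims):
    vc = {"credentialSubject": {"id": subject_did, **claims}}  # bound to DID, not key
    return {"vc": vc, "proof": sign(issuer_key, vc)}

def verify_handshake(bundle, issuer_key, nonce, endpoint_proof):
    # 1. VC must carry a valid issuer proof and be unchanged.
    if not hmac.compare_digest(sign(issuer_key, bundle["vc"]), bundle["proof"]):
        return "bad-vc"
    # 2. Resolve the DID named in the VC to the endpoint's *current* key.
    key = resolve(bundle["vc"]["credentialSubject"]["id"])
    if key is None:
        return "did-revoked"
    # 3. Endpoint proves possession of that current key over a fresh nonce.
    if not hmac.compare_digest(sign(key, {"nonce": nonce}), endpoint_proof):
        return "bad-proof"
    return "ok"

def demo():
    issuer, k1, k2, did = b"issuer-key", b"dev-key-1", b"dev-key-2", "did:example:sensor-42"
    register_did(did, k1)
    vc = issue_vc(issuer, did, {"role": "sensor"})
    out = [verify_handshake(vc, issuer, "n1", sign(k1, {"nonce": "n1"}))]
    rotate_key(did, k2)  # (i) rotate keys; the VC is not reissued
    out.append(verify_handshake(vc, issuer, "n2", sign(k1, {"nonce": "n2"})))  # old key fails
    out.append(verify_handshake(vc, issuer, "n2", sign(k2, {"nonce": "n2"})))  # same VC, new key
    revoke_did(did)  # (ii) keys compromised: revoke the DID on the ledger
    out.append(verify_handshake(vc, issuer, "n3", sign(k2, {"nonce": "n3"})))
    return out  # ['ok', 'bad-proof', 'ok', 'did-revoked']
```

The lookup in step 2 is the call that, per the message, would go to the deployment's own ledger node rather than a third-party public one.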
