Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

what's new section #96

Merged
merged 4 commits into from
Sep 21, 2020
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions guide/whatsnew.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
## What's New?

The version of DIDComm incubated in the Hyperledger Aries community is referred to as Version 1 (V1). This spec describes the next version, referred to as Version 2 (V2). This section will describe the changes between V1 and V2, useful to members of the Aries community.

### Summary of Changes

- Formalization of methods used in V1
- JWM based envelope
- ECDH-1PU standardized form of AuthCrypt
- Both DID and key in each message
- Special Handling of Peer DIDs eliminated
- Message structure split between 'headers' and body.
- No AnonCrypt encryption method.

### Practical Changes

The list of changes above leads to practical changes in how DIDComm is used.

#### DID Exchange not needed

Each message contains both the sender key (used in the encryption layer), and the sender's DID. The exchange of DIDs that occurs via the DID Exchange Protocol used in V1 occurs in each message that is transferred. Rotating DIDs is accomplished via the `prior_did` header. These features make the DID Exchange Protocol redundant.

One side effect of the DID Exchange Protocol in V1 was that you confirmed the validity of the DID with a round trip to the other party. Many protocols will provide this assurance via the flow of the protocol prior to the point where round-trip testing is required. When this round-trip is desired prior to the beginning of a protocol, a round trip with another protocol (such as Trust Ping or Feature Discovery) can provide the same assurance.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fully agree with this paragraph. It is totally accurate. However, I remain uncomfortable that we're not adequately pointing out the significance of this semantic difference. Under V1, all protocols assumed that a secure pipe already existed and the DID of the first mover in the protocol would be pairwise and stable throughout the protocol run. Under V2, the DID of the initial mover/sender has to change at step 2 of the protocol to achieve the same guarantee, and all protocol impls need to tolerate DID rotation in the middle. If DID rotation is not used, and if the first message is OOB, then external observers can learn the DID and endpoint used by one of the parties. For some ephemeral use cases, this may not be a problem -- but as a general pattern, we have introduced a lurking antipattern that we should be warning against with documentation somewhere.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've cleaned up the language a bit. I think we need a guide section about DID Rotation, and why it must be used under normal conditions to prevent leaking the externally passed DID as you point out.


#### No technical difference between Ephemeral Mode and Full Mode

Ephemeral mode in V1 was a method of passing messages without first performing an exchange of DIDs. Given that we no longer have a need to perform an exchange of DIDs prior to passing messages of another protocol, we no longer need to designate a mode for ephemeral interactions.

#### Use Peer DIDs (or other suitable DID method) in place of AnonCrypt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still cannot use did:peer as I said in #33 (comment).

The from and from_prior fields would need to be tweaked such that DID URLs be used instead of just DIDs.

And even then, I'm not so sure of the implications of such a tweak...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well... I think the initial-state idea was completely scrapped from did-core... so now we depend on did:peer to provide the initial state in a DID.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given wg call discussion on 2020/09/14, the DIDComm JWM profile needs to be adjusted to accommodate whatever method the DID spec/community chooses to pass off/pre ledger recorded information.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we talked about on the WG call, when we change to a DID URL we'll want to specify that during the "from" validation process the DID must be resolved to a full did document rather than de-referenced to only the key included in that DID URL. I agree that we're going to need to carry the parameters through though and changing from DID to DID-URL would allow this to occur.


Anoncrypt was a method present in V1 that allowed a message to be encrypted to a recipient without involving the recipient keys. The ease of using Peer DIDs allows the sender to remain anonymous using the existing authenticated encryption method. The encryption properties are the same between the methods. Eliminating this option makes the spec simpler without loosing any features.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this description of Anoncrypt is not quite accurate. It allowed a message to be encrypted to the recipient in a way that absolutely did involve the recipient keys; what made it interesting is that the sender keys were ephemeral and newly generated for each message (and therefore unrecognizable to the recipient as belonging to anybody in particular).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unfortunate typo: that should read ' involving the sender keys'. I have a reworded fix.


#### Message Level Decorators now represented as Headers

The adjusted structure of DIDComm messages now represents message level decorators as message headers. An example includes `thread_id`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

parent thread id will also need to be defined.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given wg call discussion on 2020/09/14, we will update the JWM DIDComm Profile to pull forward thread_id as well as adding parent threads.


3 changes: 2 additions & 1 deletion specs.json
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,8 @@
"spec_directory": "./guide",
"markdown_paths": [
"intro.md",
"routing.md"
"routing.md",
"whatsnew.md"
]
}
]
Expand Down