HTTP/3, DIDs - any new developments or thoughts
From IIW
Thursday 21D
Convener: Eric Welton
Notes-taker(s): Eric Welton
Tags for the session - technology discussed/ideas considered: HTTP/3, DID, DIDComm, Client Certificates, TLS, getting rid of Mr. Login
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Review of HTTP->(HTTP/2,SPDY->QUIC)->HTTP/3
What happened w/ DID + TLS
- TLS says nothing about Certificate Authorities
- OpenSSL deeply encodes the idea of CAs, which makes it hard to extend the library for pluggable certificate validation
- client certificates are there, but never caught on
DIDComm
- Hear-ro is looking at WebRTC over DIDComm
- Can DIDComm handle high volume/rates? Maybe not?
- The gaming industry, for example, wants high volume/rates
- Blending layers - active exploration of pushing encryption down from the top towards the transport, while the transport pushes back; where does it balance? E.g. server + client certificates are a huge ask of both sides for “registry lookup”
- Do not tunnel everything over DIDComm
What is the pain point: TLS w/ QUIC? Do we need to encrypt everything? Is there a role for HTTP?
- some content *needs* pairwise encryption
- some data can be encrypted by the sender for all clients (all subscribers see the same, but not suitable for public)
Ultimately it is not clear how close HTTP/3 w/ pairwise encryption is to the DIDComm ideal
- worth a little more investigation to understand exactly where it breaks down
- likely breaks down with the cost of registry lookups
CAs still do provide value