HTTP/3, DIDs - any new developments or thoughts

From IIW

Thursday 21D

Convener: Eric Welton

Notes-taker(s): Eric Welton

Tags for the session - technology discussed/ideas considered: HTTP/3, DID, DIDComm, Client Certificates, TLS, getting rid of Mr. Login

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Review of HTTP -> (HTTP/2, SPDY -> QUIC) -> HTTP/3

What happened w/ DID + TLS

TLS says nothing about Certificate Authorities
OpenSSL deeply encodes the idea of CAs, so it is hard to extend the library for pluggable certificate validation
client certificates are there, but never caught on

DIDComm

Hear-ro is looking at WebRTC over DIDComm
Can DIDComm handle high volume/rates? Maybe no?
Gaming industry wants high volume/rates for example
Blending layers - active exploration of pushing encryption down from the top towards the transport; the transport pushes back; where does it balance? E.g. server + client certificates are a huge ask of both sides for “registry lookup”
Do not tunnel everything over DIDComm

What is the pain point of TLS w/ QUIC? Do we need to encrypt everything? Is there a role for HTTP?

some content *needs* pairwise encryption
some data can be encrypted from sender for all clients (all subscribers see the same, but not suitable for public)

ultimately it is not clear how close HTTP/3 w/ pairwise encryption is to the DIDComm ideal

worth a little more investigation to understand exactly where it breaks down
likely breaks down with the cost of registry lookups

CAs still do provide value