intro refinements

Cybersecurity-LINKS · Nov 13, 2023 · 1eb49c2 · 1eb49c2
1 parent f4c46ef
commit 1eb49c2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/draft-vesco-vcauthtls.md b/draft-vesco-vcauthtls.md
@@ -75,7 +75,7 @@ After that, the node can request a VC from one of the Issuers available in the s
 The combination of the key pair ($sk, pk$), the DID and at least one VC forms the identity compliant with the SSI model.
 A node requests access to services by presenting a Verfiable Presentation [VP](https://www.w3.org/TR/vc-data-model-2.0/). The VP is an envelop of the VC signed by the node holding the VC with its $sk$. The verifier authenticates the node checking the authenticity of the VP and the validity and authenticity of the inner VC before granting or denying access to the requesting node.
 <!-- The SSI model subtends the peer-to-peer model of interaction where both types of authentication are possible using VP; one node authenticates the other, or the nodes can authenticate each other. --> 
-The current implementations of the authentication process involves the combination of two different identity technologies. A client node estabhlishes a TLS channel authenticating the server node with the server's X.509 certificate. Then the server node authenticate the client node that sends its VP at application layer (i.e. over the TLS channel already established). The mutual authentication with VPs occours when also the server node exchange its VP with the client node again at application layer.
+The current implementations of the authentication process run at the Application layer. A client node estabhlishes a TLS channel authenticating the server node with the server's X.509 certificate. Then the server node authenticate the client node that sends its VP at application layer (i.e. over the TLS channel already established). The mutual authentication with VPs occours when also the server node exchange its VP with the client node again at application layer.
 
 SSI is emerging as an identity option for Internet of Thing and Edge nodes in computing continuum environments. In this scenarios, (mutual) authentication with VP can be directly done at TLS protocol layer making the the peer-to-peer model of interaction, envisioned by the SSI model, a reality. 
 This document describes the extensions to TLS protocol to support the use of VCs for authentication while preserving the interoperability with TLS endpoints that use X.509 certificates.