add did_methods extension

Cybersecurity-LINKS · Nov 9, 2023 · ce4d34d · ce4d34d
1 parent 0cf500d
commit ce4d34d
Showing 1 changed file with 40 additions and 31 deletions.
diff --git a/draft-vesco-vcauthtls.md b/draft-vesco-vcauthtls.md
@@ -51,63 +51,72 @@ This document defines a new certificate type and a new extension to exchange Ver
 
 W3C defined VC
 
+How to create identity in SSI and how to verify the VP (in HS sections describe how the hs covers the VP presentation).
+
 # Conventions and Definitions
 
 {::boilerplate bcp14-tagged}
 
-# VC Certificate type
+# Extensions
 
-~~~
-opaque ASN.1Cert<1..2^24-1>;
+## VC Certificate Type
 
-struct {
-   select(certificate_type){
-      // RawPublicKey certificate type defined in RFC 7250
-      case RawPublicKey:
-         opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
+The TLS extensions "client_certificate_type" and "server_certificate_type" [RFC7250] are used to negotiate the type of Certificate messages used in TLS to authenticate the server and, optionally, the client. Using separate extensions allows for mixed deployments where the client and server can use certificates of different types. 
 
-      // X.509 certificate defined in RFC 5246
-      case X.509:
-         ASN.1Cert certificate_list<0..2^24-1>;
+   /* Managed by IANA */
+   enum {
+      X509(0),
+      RawPublicKey(2),
+      VC(224),
+      (255)
+   } CertificateType;
 
-      // The new certificate type definied in this document
-      case VC:
-         opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
+   struct {
+      select(certificate_type){
+         // The new certificate type defined in this document
+         case VC:
+            opaque cert_data<1..2^24-1>;
 
-      // Additional certificate type based on
-      // "TLS Certificate Types" subregistry
-   };
-} Certificate;
-~~~
+         // RawPublicKey certificate type defined in RFC 7250
+         case RawPublicKey:
+            opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
 
-TLS Certificate types (IANA)
+         // X.509 certificate defined in RFC 5246
+         case X509:
+            opaque cert_data<1..2^24-1>;
 
+         // Additional certificate type based on
+         // "TLS Certificate Types" subregistry
+      };
+   } Certificate;
 
-| value | name | recommended | Reference | comment |
-|-------|------|-------------|-----------|---------|
-| 4 | Verifiable Credential | | This document | |
+# did_methods extension
 
+   /* Managed by IANA */
+   enum {
+      iota(0),
+      ..
+      (65535)
+   } DIDMethod
 
-# Structure of the FOOBAR Extensions
+   struct {
+      DIDMethod did_methods<2..2^16-2>
+   } DIDMethodList
 
-## ssi_parameters
+   [did-registry](https://www.w3.org/TR/did-spec-registries/#did-methods)
 
-## foobar1
+did_methods extension could be sent only in ClientHello and CertificateRequest messages.
 
-## foobar2
+# TLS Client and Server Handshake
 
-# Possibly the new Messages
 
-# TLS Client and Server Handshake Behavior
 
 ## ClientHello
 
 ## CertificateRequest
 
 ## Certificate
 
-## CertificateVerify
-
 # An alternative Design / Design Consideration
 
 # Examples