TBD54566975/did-dht

Clarification on JWK `kid` handling during DID Document Reconstruction

frankhinek opened this issue · 2 comments

Context

Section 4.3 Verification Methods states:

Each Verification Method rdata is represented with the form id=M;t=N;k=O where M is the key’s ID, N is the index of the key’s type from key type index, and O is the unpadded base64URL [RFC4648] representation of the public key.

Section 7.2 Size Constraints contains this note:

Key identifiers (kids) MAY be omitted. If omitted, upon reconstruction of a DID Document, the JWK kid is set to its JWK Thumbprint [RFC7638].

Question

Is the intent that, during property mapping, the kid of the publicKeyJwk entry of each verification method be set to match the id property of the verification method?

Since only the kty and verification material are included in _kN._did. DNS resource records, there isn't any other way to include the kid. The language in 7.2 and the example test vectors seem to be implying that the verification method id should always be used as the publicKeyJwk's kid.

Or was the intent to say that the id property of the _kN._did resource record could be omitted and, if so, during DNS packet decoding the JWK Thumbprint of the key material would be used as the verification method ID?

This would technically save up to 48 bytes per verification method if the JWK Thumbprint were automatically used for the verification method ID (id=HTsY9aMkoDomPBhGcUxSOGP40F-W4Q9XCJV1ab8anTQ;), or ~5% of the space available. Although, another way to save space is to use shorter verification method IDs (1, sig, etc.).

Is the intent that, during property mapping, the kid of the publicKeyJwk entry of each verification method be set to match the id property of the verification method?

Two cases:

  1. There is an ID, it is both the kid of the JWK and id of the Verification Method
  2. There is no ID, the JWK thumbprint is both the kid of the JWK and id of the Verification Method

Now there may be a third case that I do not believe we should support:

  3. Similar to (1), but the kid is the JWK thumbprint and the id is the id of the Verification Method

I would suggest adding text to make it clear that (1) and (2) are the only possibilities to simplify implementations and limit confusion.

So, to answer...

Or was the intent to say that the id property of the _kN._did resource record could be omitted and, if so, during DNS packet decoding the JWK Thumbprint of the key material would be used as the verification method ID?

Yes!

Thanks -- so this clarifies the process of converting from DNS Packet to DID Document.

  • if _kN._did. contains an id property, then the DID Document produced would use this id value for both the kid of the JWK and the id of the Verification Method.
  • if _kN._did. does NOT contain an id property, then the DID Document produced uses the JWK Thumbprint for both the kid of the JWK and the id of the Verification Method.

And to your point on the 3rd case, the following should not be supported:

  • A DID Document that contains a verification method in which the JWK kid and the Verification Method id property differ.
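The two-case mapping agreed in this thread (id present: it becomes both the JWK kid and the verification method id; id absent: the RFC 7638 JWK Thumbprint becomes both), plus a check that rejects the third case, as an added example. This is illustrative code written for this page, not code from the did-dht specification, its reference implementation, or either commenter. Assumptions not stated in the thread: key type index 0 is treated as Ed25519 (an OKP JWK with crv "Ed25519"), the verification method type is written as "JsonWebKey", the verification method id is formed as `<did>#<key id>` so that the fragment is what must equal the kid, and the DID, key bytes and record strings are constructed sample values.

```python
import base64
import hashlib
import json

# Assumption (not stated in the issue thread): key type index 0 -> Ed25519 OKP key.
# Any other index is rejected by this example.
KEY_TYPE_INDEX = {0: ("OKP", "Ed25519")}

# RFC 7638 section 3.2: the members that form the thumbprint input, per kty.
THUMBPRINT_MEMBERS = {"OKP": ("crv", "kty", "x"), "EC": ("crv", "kty", "x", "y")}


def b64url_nopad(data: bytes) -> str:
    """Unpadded base64url, as used for the k= field and for thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """Required members only, lexicographically sorted, no whitespace (RFC 7638)."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    return json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 of the canonical form, base64url without padding. Ignores kid and other extras."""
    return b64url_nopad(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def parse_key_rdata(rdata: str) -> dict:
    """Parse the _kN._did. rdata 'id=M;t=N;k=O'. The id field may be absent."""
    fields = {}
    for part in rdata.split(";"):
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[name] = value
    if "t" not in fields or "k" not in fields:
        raise ValueError("rdata must contain both t and k")
    return fields


def verification_method_from_rdata(did: str, rdata: str) -> dict:
    """Reconstruct one verification method, applying the two cases from the thread."""
    fields = parse_key_rdata(rdata)
    kty, crv = KEY_TYPE_INDEX[int(fields["t"])]  # KeyError for an unsupported index
    jwk = {"kty": kty, "crv": crv, "x": fields["k"]}
    # Case 1: id present -> it is both kid and the verification method id.
    # Case 2: id absent (or empty) -> the JWK Thumbprint is used for both.
    key_id = fields.get("id") or jwk_thumbprint(jwk)
    jwk["kid"] = key_id
    return {
        "id": f"{did}#{key_id}",  # assumption: id is the DID plus the key id as fragment
        "type": "JsonWebKey",  # assumption: verification method type used here
        "controller": did,
        "publicKeyJwk": jwk,
    }


def kid_matches_id(vm: dict) -> bool:
    """Reject the third case: the JWK kid and the verification method id fragment must agree."""
    _, _, fragment = vm["id"].partition("#")
    return fragment != "" and vm["publicKeyJwk"].get("kid") == fragment


# Constructed sample input: a placeholder DID and a 32-byte stand-in for an Ed25519 public key.
SAMPLE_DID = "did:dht:example"
SAMPLE_X = b64url_nopad(bytes(range(32)))
RDATA_WITH_ID = f"id=0;t=0;k={SAMPLE_X}"
RDATA_WITHOUT_ID = f"t=0;k={SAMPLE_X}"

if __name__ == "__main__":
    for rdata in (RDATA_WITH_ID, RDATA_WITHOUT_ID):
        vm = verification_method_from_rdata(SAMPLE_DID, rdata)
        print(json.dumps(vm, indent=2), "kid matches id:", kid_matches_id(vm))
```

Because `jwk_thumbprint` only hashes the RFC 7638 members, a kid already present on a JWK does not change the thumbprint, so a document reconstructed from an id-less record can be re-verified by recomputing the thumbprint and comparing it to the kid.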