From aae0656805317fbfc3ec72eb741db477488fa43a Mon Sep 17 00:00:00 2001 From: Manu Sporny Date: Fri, 29 Dec 2023 15:39:17 -0500 Subject: [PATCH 1/3] Raise error when status list size does not meet minimum threshold. --- index.html | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/index.html b/index.html index 5700b71..4684fb2 100644 --- a/index.html +++ b/index.html @@ -245,15 +245,16 @@

Conceptual Framework

data format since, in the average case, large numbers of credentials will remain unrevoked. This will ensure long sections of bits that are the same value and thus highly compressible using run-length compression techniques -such as GZIP [[RFC1952]]. The default bitstring size is 16KB (131,072 entries), -and when only a handful of verifiable credentials are revoked, the -compressed bitstring size is reduced down to a few hundred bytes. +such as GZIP [[RFC1952]]. The default status list size is 131,072 entries, +equivalent to 16KB of single bit values. When only a handful of verifiable +credentials are revoked, the compressed bitstring size is reduced down to a +few hundred bytes.

Another benefit of using a bitstring is that it enables large numbers of -verifiable credential statuses to be placed in the same list. -This specification utilizes a minimum bitstring length of 131,072 (16KB). This +verifiable credential statuses to be placed in the same list. +This specification utilizes a minimum list length of 131,072. This population size ensures an adequate amount of herd privacy in the average case. If better herd privacy is required, the bitstring can be made to be larger.

@@ -779,6 +780,11 @@

Validate Algorithm

Bitstring Expansion Algorithm.
  • +If the length of the |revocation bitstring| divided by +`size` is less than 131,072, raise a +STATUS_LIST_LENGTH_ERROR. +
    • +
  • Let |status| be the value in the |bitstring| at the position indicated by the |credentialIndex| multiplied by the |size|. If the |credentialIndex| multiplied by the |size| is a value outside of the range of the |bitstring|, a @@ -929,7 +935,9 @@

    Processing Errors

    -
    STATUS_RETRIEVAL_ERROR (-128)
    +
    +STATUS_RETRIEVAL_ERROR (-128) +
    Retrieval of the status list failed. See Section . @@ -939,6 +947,13 @@

    Processing Errors

    Validation of the status entry failed. See Section .
    +
    +STATUS_LIST_LENGTH_ERROR (-130) +
    +
    +The status list does not meet the minimum herd privacy length requirements. +See Section . +
    From 83b2f04ece06f36b2a8c779afcf31db32c7d7be4 Mon Sep 17 00:00:00 2001 From: Manu Sporny Date: Fri, 29 Dec 2023 19:13:55 -0500 Subject: [PATCH 2/3] Fix grammar in minimum status list size text. Co-authored-by: Ted Thibodeau Jr --- index.html | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index 4684fb2..cb3970b 100644 --- a/index.html +++ b/index.html @@ -246,17 +246,17 @@

    Conceptual Framework

    remain unrevoked. This will ensure long sections of bits that are the same value and thus highly compressible using run-length compression techniques such as GZIP [[RFC1952]]. The default status list size is 131,072 entries, -equivalent to 16KB of single bit values. When only a handful of verifiable -credentials are revoked, the compressed bitstring size is reduced down to a -few hundred bytes. +equivalent to 16 KB of single bit values. When only a handful of +verifiable credentials are revoked, GZIP compresses the bitstring +to a few hundred bytes.

    Another benefit of using a bitstring is that it enables large numbers of verifiable credential statuses to be placed in the same list. -This specification utilizes a minimum list length of 131,072. This -population size ensures an adequate amount of herd privacy in the average case. -If better herd privacy is required, the bitstring can be made to be larger. +This specification uses a minimum list length of 131,072. This +size ensures an adequate amount of herd privacy in the average case. +If better herd privacy is required, the bitstring can be made larger.

    @@ -951,8 +951,8 @@

    Processing Errors

    STATUS_LIST_LENGTH_ERROR (-130)
    -The status list does not meet the minimum herd privacy length requirements. -See Section . +The status list length does not satisfy the minimum length required for +herd privacy. See Section .
    From 601246f3a8c22ba8647f1b2aeadca805c08a6897 Mon Sep 17 00:00:00 2001 From: Manu Sporny Date: Sat, 13 Jan 2024 14:42:06 -0500 Subject: [PATCH 3/3] Allow `minimumNumberOfEntries` to be different size than default. --- index.html | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index cb3970b..e9c6552 100644 --- a/index.html +++ b/index.html @@ -747,6 +747,10 @@

    Validate Algorithm

    BitstringStatusListEntry.
  • +Let |minimumNumberOfEntries| be 131,072 unless a different lower bound is +established by a specific ecosystem specification. +
    • +
  • Let |status purpose| be the value of `statusPurpose` in the `credentialStatus` entry in the |credentialToValidate|. @@ -781,8 +785,8 @@

    Validate Algorithm

  • If the length of the |revocation bitstring| divided by -`size` is less than 131,072, raise a -STATUS_LIST_LENGTH_ERROR. +`statusSize` is less than |minimumNumberOfEntries|, +raise a STATUS_LIST_LENGTH_ERROR
  • Let |status| be the value in the |bitstring| at the position indicated @@ -792,8 +796,8 @@

    Validate Algorithm

    raised.
  • -
    • Let |result| be an empty [=map=]. +
  • Set the `status` key in |result| to |status|, and set the `purpose` key in |result| to the value of `statusPurpose`.