Comments (4)
jandrieu
commented on August 15, 2024
@thehenrytsai What's the use case you are trying to address? Although the 16KB limit is arbitrary, it provides a quantifiable floor for herd privacy.
The sense of the group is that far too many developers will just do the minimum or choose the default, so to empower users across the board, we need a floor to assure that the quick-to-market developer ships something reasonable.
It was claimed that compressing a 16KB bitstring typically reduces to a few hundred bytes (in scenarios with relatively few flipped bits).
If you have a use case that needs a smaller data size, we might be able to help find alternative solutions that maintain that herd privacy characteristic.
from vc-bitstring-status-list.
iherman
commented on August 15, 2024
The issue was discussed in a meeting on 2023-09-15
- no resolutions were taken
View the transcript
1.7. Can the spec relax/remove the requirement on minimal bit length? (issue vc-status-list-2021#14)
See github issue vc-status-list-2021#14.
Manu Sporny: asks if we can relax / remove the requirement on the minimum bit for the status list ...
… currently 16 KBs.
… the concern here is around privacy .... providing at least a minimum ...
… do we want to leave the hard privacy decision to the implementors?
… some authors of the status list may pick minimum population sizes that do not provide hard privacy?
… or at least we could provide a floor.
… do we want a minimum guaranteed privacy setting for these lists?
… or do we want ot leave that open to authors? understanding that they can pick bad values.
Gabe Cohen: +1 keep the floor.
Joe Andrieu: i agree that it is arbitrary.
… but i do agree that we need a floor.
… most people use defaults, should be a good one.
Manu Sporny: the current number is arbitrary.
… we took 16 KBs and run through gzip .... seemed reasonable ...
… we could increase/decrease ... but very strongly arguing that we should have a decent floor.
… since we are going to multibits ... we should try to get good defaults.
… responding to dwait, the verifier shoud reject.
Kristina Yasuda: we can't make a decision right now, need input from implementors ...
Joe Andrieu: we should ask a specific use case ... maybe it is an iot situation where size matters ...
… i'll add that comment.
Brent Zundel: action is to do nothing, see if we hear back.
from vc-bitstring-status-list.
thehenrytsai
commented on August 15, 2024
@jandrieu, the desire at the time was to have a "nicer round" number so that it is arguably "friendlier" to end users when they read implementor's documentations and think about "orders or magnitude" of protection; it also makes it easier to have an accurate description on how the status list work when verbally describing the mechanism as opposed to giving an "approximate" number, this is something that I encountered at the time having to explain the mechanism to various people.
ie. "we aggregate 100,000 status into one list to a achieve herd-privacy..." instead of an seemingly odd arbitrary number: we aggregate 131,072 status into one list..."
But ultimately this is a nice to have IMO, not a deal breaker. Changing the default to 100,000 is also a viable alternative, a nice round number is "more meaningful" in this day of age IMO.
from vc-bitstring-status-list.
msporny
commented on August 15, 2024
ie. "we aggregate 100,000 status into one list to a achieve herd-privacy..." instead of an seemingly odd arbitrary number: we aggregate 131,072 status into one list..."
You can always say "We aggregate roughly 100,000 statuses into one list." <-- just change the way you convey the information to be less precise. Only developers implementing will probably care about the details; they'll be the ones that look at the specification and see the 16 KiB figure.
I'm going to close the issue without a change to the specification since this problem can be addressed by just presenting the information differently to people that don't need to understand the details. Please re-open if you disagree.
from vc-bitstring-status-list.
Related Issues (20)
- Conformance classes need to be defined HOT 2
- Rename "size" to "statusSize" HOT 5
- Rename `reference` to `statusReference` HOT 2
- Remove `ttl` HOT 5
- Matching of VC issuer and Status List VC issuer - MAY vs MUST HOT 5
- Add `@type` to `encodedList` term definition HOT 4
- "bitstring" vs "bit string" HOT 4
- Accessibility self-review of Bitstring Status List v1.0
- Internationalization Self-Review for Bitstring Status List v1.0
- Horizontal Reviews for Bitstring Status List v1.0 HOT 1
- Encoding of `statusListIndex` HOT 3
- `statusPurpose` type `message` unclear HOT 2
- `credentialSubject.statusMessage` localizable? HOT 3
- Processing error `title` and `detail` need lang/dir guidance HOT 5
- Testing with revoked and not-revoked credential HOT 1
- Align bitstring structure and IETF Token Status List structure? HOT 3
- Precise timestamps of status changes HOT 2
- Credential Type Mismatch between the Spec and the Schema HOT 4
- Verification algorithm should say what happens if schema isn't followed HOT 2
- Invalid JSON in Example 1 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vc-bitstring-status-list.