DIDComm Messaging Specification

DIDComm Messaging is a secure, decentralized messaging protocol designed to enable trusted communication between parties using Decentralized Identifiers (DIDs). The protocol provides message-level security and privacy through encryption, authentication, and routing capabilities.

Key differentiating features:

• Built on decentralized identifiers rather than centralized PKI
• Transport-agnostic design works across any communication channel
• Message-level rather than transport-level security
• Support for both synchronous and asynchronous communication
• Enables routing through intermediaries while maintaining privacy
• Composable protocols that inherit security properties

Core Technical Components:

1. Message Types:

• DIDComm Plaintext Messages: Base JSON messages
• DIDComm Signed Messages: Messages with non-repudiable signatures
• DIDComm Encrypted Messages: Messages with confidentiality and integrity

2. Security Features:

• Authenticated Encryption using ECDH-1PU
• Anonymous Encryption using ECDH-ES
• Support for multiple key types including X25519, P-256, P-384, P-521
• Content encryption using A256CBC-HS512, A256GCM, XC20P

3. Message Structure:

• Headers for metadata and routing
• Body for protocol-specific content
• Attachments for additional content

4. Core Protocols:

• Routing Protocol for message delivery
• Trust Ping Protocol for testing connectivity
• Discover Features Protocol for capability discovery
• Out-of-Band Protocol for establishing connections

Let's examine each key aspect in detail:

Purpose and Scope:
The protocol enables secure, private communication built on DIDs while remaining transport-independent. It provides message-level security guarantees including:

• Confidentiality through encryption
• Integrity protection
• Authentication of sender
• Support for repudiable and non-repudiable messages
• Forward secrecy capabilities

Key Technical Specifications:

• Messages use JSON Web Message (JWM) format
• Encryption uses JOSE standards (JWE, JWS)
• Supports multiple key types and curves
• Provides message threading and correlation
• Enables attachments and additional content

Implementation Requirements:

• Must support both authenticated and anonymous encryption
• Must implement required cryptographic algorithms
• Must handle message routing and forwarding
• Must process message headers correctly
• Must validate signatures and encryption

Security Considerations:

• Message-level rather than transport security
• Perfect forward secrecy through key rotation
• Protection against man-in-the-middle attacks
• Sender privacy protection options
• Support for both repudiable and non-repudiable messages

Interoperability Features:

• Transport agnostic design
• Protocol discovery mechanism
• Standardized message formats
• Common crypto algorithms
• Extensible protocol framework

Current Adoption:
The specification is being implemented by various identity and SSI projects, with growing adoption in the decentralized identity ecosystem. It serves as a foundation for higher-level protocols and applications.