[OAUTH-WG] Re: WGLC for SD-JWT
Brian Campbell <bcampbell@pingidentity.com> Fri, 20 September 2024 16:18 UTC
To: Michael Jones <michael_b_jones@hotmail.com>
CC: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1X7YCRku8hdksnaJ4mWHRaQMB9g>

Resending this because I didn't see it show up in the list archive
https://mailarchive.ietf.org/arch/browse/oauth/

On Thu, Sep 19, 2024 at 2:00 PM Brian Campbell <bcampbell@pingidentity.com> wrote:

> As an individual, I don't believe the additional text is necessary.
> However, as an editor committed to that same goal of publishing this
> specification as an RFC (hopefully soon), I'm happy to add it to the draft
> to help achieve that goal.
>
> On Tue, Sep 17, 2024 at 10:01 PM Michael Jones <michael_b_jones@hotmail.com> wrote:
>
>> I’m going to resurrect exactly one of my previous review comments that
>> was not addressed. The original comment was:
>>
>> *6.1. <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1>
>> Issuance <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>*:
>> There are many places from here on where the label “SHA-256 Hash” is used,
>> for instance “SHA-256 Hash: jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4”.
>> Change all of these to “Base64url-Encoded SHA-256 Hash” for correctness.
>>
>> Brian responded “The current wording might not be as descriptive as
>> you'd like but it is correct.”
>>
>> I’ll water down my request if you’re not willing to change all the
>> occurrences to “Base64url-Encoded SHA-256 Hash” to then please at least add
>> a textual caveat before the first such occurrence along the lines of:
>>
>> In the text below and in other locations in this specification, the label
>> “SHA-256 Hash:” is used as a shorthand for the label “Base64url-Encoded
>> SHA-256 Hash:”.
>>
>> As I said in my initial review, I look forward to this specification
>> being published as an RFC.
>>
>> Best wishes,
>>
>> -- Mike
>>
>> *From:* Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
>> *Sent:* Tuesday, September 3, 2024 3:39 AM
>> *To:* oauth <oauth@ietf.org>
>> *Subject:* [OAUTH-WG] WGLC for SD-JWT
>>
>> All,
>>
>> As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT* document.
>>
>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
>>
>> Please, review this document and reply on the mailing list if you have
>> any comments or concerns, by *Sep 17th*.
>>
>> Regards,
>> Rifaat & Hannes
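
Added example (not part of the original message, and not code from the SD-JWT draft): the distinction discussed above, shown on the value quoted in the thread. The 43-character string is the unpadded base64url form of a 32-byte SHA-256 digest, and a verifier matching a disclosure against a digest list (such as the `_sd` array) must compare that string form. The function names are illustrative, and the salt and claim in SAMPLE are constructed.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_disclosure(salt: str, name: str, value) -> str:
    """Disclosure = base64url(JSON array [salt, claim name, claim value])."""
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def disclosure_digest(disclosure: str) -> str:
    """The value labelled "SHA-256 Hash": base64url of the raw digest taken
    over the ASCII bytes of the disclosure string."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def representations(digest_b64url: str) -> dict:
    """Show the same digest as raw length, hex, and base64url."""
    raw = b64url_decode(digest_b64url)
    return {"raw_len": len(raw), "hex": raw.hex(), "b64url": b64url(raw)}

def disclosure_matches(disclosure: str, sd_digests: list) -> bool:
    """Verifier-side check: compare the base64url string form exactly."""
    return disclosure_digest(disclosure) in sd_digests

# Value quoted in the thread.
PAGE_VALUE = "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4"

# Constructed sample disclosure (salt and claim are made up for this example).
SAMPLE = make_disclosure("c2FsdC1mb3ItZGVtbw", "given_name", "Alice")

if __name__ == "__main__":
    print(representations(PAGE_VALUE))
    d = disclosure_digest(SAMPLE)
    print(d, disclosure_matches(SAMPLE, [d]))
    # A hex rendering of the same digest does not match the list entry.
    print(disclosure_matches(SAMPLE, [representations(d)["hex"]]))
```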