[OAUTH-WG] Re: WGLC for SD-JWT

Brian Campbell <bcampbell@pingidentity.com> Fri, 20 September 2024 16:18 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 20 Sep 2024 10:17:30 -0600
Message-ID: <CA+k3eCS6EsNwOddn+iwEsBuio4YmgyYMsT64Nt_nK8JwUPd_oA@mail.gmail.com>
To: Michael Jones <michael_b_jones@hotmail.com>
CC: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1X7YCRku8hdksnaJ4mWHRaQMB9g>

Resending this because I didn't see it show up in the list archive
https://mailarchive.ietf.org/arch/browse/oauth/

On Thu, Sep 19, 2024 at 2:00 PM Brian Campbell <bcampbell@pingidentity.com>
wrote:

> As an individual, I don't believe the additional text is necessary.
> However, as an editor committed to that same goal of publishing this
> specification as an RFC (hopefully soon), I'm happy to add it to the draft
> to help achieve that goal.
>
>
> On Tue, Sep 17, 2024 at 10:01 PM Michael Jones <
> michael_b_jones@hotmail.com> wrote:
>
>> I’m going to resurrect exactly one of my previous review comments that
>> was not addressed.  The original comment was:
>>
>>
>>
>> *6.1. Issuance* <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1>:
>> There are many places from here on where the label “SHA-256 Hash” is used,
>> for instance “SHA-256 Hash: jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4”.
>> Change all of these to “Base64url-Encoded SHA-256 Hash” for correctness.
>>
>>
>>
>> Brian responded “The current wording might not be as descriptive as
>> you'd like but it is correct.”
>>
>>
>>
>> I’ll water down my request if you’re not willing to change all the
>> occurrences to “Base64url-Encoded SHA-256 Hash” to then please at least add
>> a textual caveat before the first such occurrence along the lines of:
>>
>> In the text below and in other locations in this specification, the label
>> “SHA-256 Hash:” is used as a shorthand for the label “Base64url-Encoded
>> SHA-256 Hash:”.
>>
>>
>>
>> As I said in my initial review, I look forward to this specification
>> being published as an RFC.
>>
>>
>>
>> Best wishes,
>>
>> -- Mike
>>
>>
>>
>> *From:* Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
>> *Sent:* Tuesday, September 3, 2024 3:39 AM
>> *To:* oauth <oauth@ietf.org>
>> *Subject:* [OAUTH-WG] WGLC for SD-JWT
>>
>>
>>
>> All,
>>
>> As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT*
>> document.
>>
>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
>>
>> Please, review this document and reply on the mailing list if you have
>> any comments or concerns, by *Sep 17th*.
>>
>> Regards,
>>   Rifaat & Hannes
>

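The labelling question in this thread matters to anyone comparing digests in code. The following is an added example, not part of the thread or of the draft: it shows that the value quoted above is the unpadded base64url form of a 32-byte SHA-256 output, and that an SD-JWT disclosure digest only matches when compared in that form. The salt, the sample disclosure and all function names are constructed for illustration.

```python
import base64
import hashlib
import json

# Value quoted in the review comment in this thread.
PAGE_VALUE = "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4"


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url by restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(salt: str, name: str, value) -> str:
    """Constructed sample: base64url of the JSON array [salt, name, value]."""
    return b64url_encode(json.dumps([salt, name, value]).encode("utf-8"))


def disclosure_digest(disclosure: str) -> str:
    """SHA-256 over the ASCII bytes of the encoded disclosure, then
    base64url-encoded: the form that appears in the SD-JWT payload."""
    return b64url_encode(hashlib.sha256(disclosure.encode("ascii")).digest())


def hex_digest(disclosure: str) -> str:
    """Same hash in hex, the form many tools print as a 'SHA-256 hash'."""
    return hashlib.sha256(disclosure.encode("ascii")).hexdigest()


def matches(disclosure: str, presented_digest: str) -> bool:
    """Compare in the encoded form; a hex or raw digest never matches."""
    return disclosure_digest(disclosure) == presented_digest


if __name__ == "__main__":
    d = make_disclosure("constructed-salt-value", "given_name", "John")
    print("hex       :", hex_digest(d), f"({len(hex_digest(d))} chars)")
    print("base64url :", disclosure_digest(d), f"({len(disclosure_digest(d))} chars)")
    print("page value:", len(PAGE_VALUE), "chars ->",
          len(b64url_decode(PAGE_VALUE)), "bytes")
```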