[OAUTH-WG] Re: WGLC for SD-JWT
Brian Campbell <bcampbell@pingidentity.com> Thu, 19 September 2024 20:00 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/30eDmWYBlylopubHd0nqIxLgfII>
As an individual, I don't believe the additional text is necessary. However, as an editor committed to that same goal of publishing this specification as an RFC (hopefully soon), I'm happy to add it to the draft to help achieve that goal.

On Tue, Sep 17, 2024 at 10:01 PM Michael Jones <michael_b_jones@hotmail.com> wrote:

> I’m going to resurrect exactly one of my previous review comments that was not addressed. The original comment was:
>
> *6.1. <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1> Issuance <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>*: There are many places from here on where the label “SHA-256 Hash” is used, for instance “SHA-256 Hash: jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4”. Change all of these to “Base64url-Encoded SHA-256 Hash” for correctness.
>
> Brian responded “The current wording might not be as descriptive as you'd like but it is correct.”
>
> I’ll water down my request if you’re not willing to change all the occurrences to “Base64url-Encoded SHA-256 Hash” to then please at least add a textual caveat before the first such occurrence along the lines of:
>
> In the text below and in other locations in this specification, the label “SHA-256 Hash:” is used as a shorthand for the label “Base64url-Encoded SHA-256 Hash:”.
>
> As I said in my initial review, I look forward to this specification being published as an RFC.
>
> Best wishes,
>
> -- Mike
>
> *From:* Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
> *Sent:* Tuesday, September 3, 2024 3:39 AM
> *To:* oauth <oauth@ietf.org>
> *Subject:* [OAUTH-WG] WGLC for SD-JWT
>
> All,
>
> As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT* document.
>
> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
>
> Please, review this document and reply on the mailing list if you have any comments or concerns, by *Sep 17th*.
>
> Regards,
> Rifaat & Hannes
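The encoding distinction raised in the review comment above, as an added example that is not part of this message or of the draft: the value shown under the label "SHA-256 Hash" is the unpadded base64url form of a 32-byte hash, so a verifier comparing digests has to accept exactly that form and reject hex or padded input. The function names and the sample disclosure are assumptions made for illustration; the digest rule (hash the ASCII bytes of the encoded disclosure, then base64url-encode the result) is the one SD-JWT specifies.

```python
import base64
import hashlib
import hmac
import re

# Value quoted in the review comment, shown in the draft under "SHA-256 Hash".
PAGE_VALUE = "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4"

# 32 hash bytes become 43 base64url characters once "=" padding is dropped.
_B64URL_SHA256 = re.compile(r"[A-Za-z0-9_-]{43}")


def b64url_nopad(raw: bytes) -> str:
    """Base64url-encode without padding, as JWS and SD-JWT do."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_digest(text: str) -> bytes:
    """Return the 32 raw hash bytes, accepting only unpadded base64url."""
    if not _B64URL_SHA256.fullmatch(text):
        raise ValueError("not an unpadded base64url SHA-256 value")
    raw = base64.urlsafe_b64decode(text + "=")
    if b64url_nopad(raw) != text:  # reject non-canonical trailing bits
        raise ValueError("non-canonical base64url encoding")
    return raw


def disclosure_digest(disclosure: str) -> str:
    """Hash the ASCII bytes of the encoded disclosure, then encode the hash."""
    return b64url_nopad(hashlib.sha256(disclosure.encode("ascii")).digest())


def digest_matches(disclosure: str, listed: str) -> bool:
    """Compare a disclosure against a listed digest in constant time."""
    parse_digest(listed)  # raises on hex, padded or standard-alphabet input
    return hmac.compare_digest(disclosure_digest(disclosure), listed)


if __name__ == "__main__":
    raw = parse_digest(PAGE_VALUE)
    print(len(PAGE_VALUE), "characters encode", len(raw), "hash bytes")
    print("hex form of the same hash:", raw.hex())
    # Constructed disclosure for illustration, not taken from the draft.
    sample = b64url_nopad(b'["constructed-salt", "given_name", "Alice"]')
    print("digest for constructed disclosure:", disclosure_digest(sample))
```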