IETF Logo Mail Archive

Re: [OAUTH-WG] Call for adoption - SD-JWT

Daniel Fett <mail@danielfett.de> Fri, 05 August 2022 09:55 UTC

Return-Path: <mail@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1633BC15C510 for <oauth@ietfa.amsl.com>; Fri, 5 Aug 2022 02:55:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kzADD9aSWw3k for <oauth@ietfa.amsl.com>; Fri, 5 Aug 2022 02:55:15 -0700 (PDT)
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [IPv6:2001:67c:2050:0:465::101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CF53C15C50B for <oauth@ietf.org>; Fri, 5 Aug 2022 02:55:14 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4Lzgv11qWNz9sW0; Fri, 5 Aug 2022 11:55:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=MBO0001; t=1659693309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=acf7U0hASIpnbP5CFsg0itUcxiYwVe86MBv6QzJDR5Y=; b=C+FWxFU9CdT15OH5pmAN34K6cfnlvXNFu7p8bxIdz/x2/tOZsPlaKp7JwXyaUoPd7HPZb+ 6bJYwx4O0gOG7zaPBe/z6SQ/X15eVwkkq02sNfM/8dS/FGDIv78RfkbdevrwvDw0MR7mzH vZtUNZVCNe+1ru4oe6Xcj80p1Al1Bgdxup33ROvZnkMkEMpjclnT5dW7au9NUetno2XQbw qPGANS/IzE4r37DLWJWh0WDtPzomqsqQydKpUzryKaOWaaz+49Z0owja0GyjpW4oqSb9Aq PeVhH/6CiCn10ediPKz4gX1rkucVQUecmuT4zdfEXYo+Qm1TQdqpjbtg/iDG1Q==
Date: Fri, 05 Aug 2022 11:55:07 +0200
From: Daniel Fett <mail@danielfett.de>
To: Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org>, Daniel Fett <fett@danielfett.de>
CC: oauth@ietf.org
In-Reply-To: <CAJot-L2vBxsEhPt55o6cxrrdT1TvfWpQKwxGH49UnXK2FqG8Vg@mail.gmail.com>
References: <7f46f3f1-d384-37ef-9e76-8cb80995fb4c@verifiablecredentials.info> <1D2C56C5-8155-40A3-BC00-2EF7D12C9122@lodderstedt.net> <9c1c8d86-ed98-a4e3-e864-a00c82a24134@verifiablecredentials.info> <CAODMz5EKYo19JK8Zs0=UhCNdHZM9SddOpCNjqOAA=LpeMXPJ_Q@mail.gmail.com> <5c0091b0-a8ed-3690-fc86-3fa662af0d15@danielfett.de> <CAJot-L3ZQQa0Rragt+ds8bkhHtjXM1hMVgvcShGYxdxYFYAhhg@mail.gmail.com> <937ef7f5-163c-aaab-3f62-bdffb17bf150@danielfett.de> <CAJot-L2vBxsEhPt55o6cxrrdT1TvfWpQKwxGH49UnXK2FqG8Vg@mail.gmail.com>
Message-ID: <BAA30BFB-A157-40AC-8199-A1FC0B3DF9DD@danielfett.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----3ZYZDCCQM8Y81DN91QSFURB6IC103S"
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Lzgv11qWNz9sW0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/P1YpcWjbf2KngAsLl9gg-oubAQA>
Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2022 09:55:21 -0000

It's not that the people I have spoken to didn't like the idea of SD-JWT. It's just on a different layer than JWPs, using a different approach, different crypto, providing different features, and on a different timeline. There's no compelling reason to have both in the same WG. There are nonetheless good reasons to have SD-JWT. Having SD-JWT in OAuth WG is not an attempt to "backdoor" anything in!

I also didn't say that we should adopt SD-JWT because it has been implemented. You took my statement out of context. I wanted to underline that the spec is practically feature-complete and can be implemented today, providing the features promised. Meanwhile, JWP is not there yet.

But, SD-JWT is not in production yet. If the OAuth WG decides that substantial changes are required, now is the best time for that.

Also, I wanted to highlight with my statement that SD-JWT is easy to implement due to its simplicity. 

-Daniel

Am 5. August 2022 11:28:49 MESZ schrieb Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org>:
>Maybe they have a good reason for not wanting it, and then we shouldn't be
>the WG that backdoor's it in. Also: "other people have already implemented
>it" is a cognitive fallacy, so let's not use that as a justification we
>have to make the standard.
>
>We should get a concrete reason why a WG that seems like the appropriate
>one, thinks it wouldn't make sense. If it is just a matter of timing, then
>whatever. But if there are concrete recommendations from that group, I
>would love to hear them.
>
>On Fri, Aug 5, 2022 at 10:26 AM Daniel Fett <fett=
>40danielfett.de@dmarc.ietf.org> wrote:
>
>> Am 05.08.22 um 10:22 schrieb Warren Parad:
>>
>> > and nobody involved in the JWP effort thinks that SD-JWT should be in
>> that WG once created
>>
>> Why?
>>
>> For the reasons listed, I guess?
>>
>> Also, mind the "As far as I am aware" part, but I don't remember any
>> discussions in that direction at IETF114.
>>
>> -Daniel
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>

v2.23.0 | Report a Bug | By Email