[OAUTH-WG] Re: WGLC for SD-JWT
Brian Campbell <bcampbell@pingidentity.com> Fri, 13 September 2024 17:17 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 13 Sep 2024 11:16:46 -0600
To: Watson Ladd <watsonbladd@gmail.com>
CC: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PaTJdGb3RbKOMLy_IAod-bWcpGc>

Watson,

Thank you for your comments during the Vancouver meeting and subsequently on the mailing list. Your input helped initiate some valuable discussions, and I’ve incorporated additional text into the Unlinkability subsection under the Privacy Considerations to reflect the general consensus that emerged. I appreciate your role in sparking this conversation, which has undoubtedly improved the document.

I’d also like to respectfully remind everyone that the content of these documents is meant to represent the rough consensus of the working group, rather than any single individual’s perspective.

Respectfully,
Brian

On Wed, Sep 4, 2024 at 3:20 PM Watson Ladd <watsonbladd@gmail.com> wrote:

> The privacy considerations section does not have enough RFC 2119
> language in the Unlinkability section. There is no workable guidance
> on how to mitigate these risks. Presentation to users is not a
> workable solution: please learn from how browsers have suffered a lot
> at this. It's also very prolix. This is in contrast to 11.1 and 11.2.
>
> Sincerely,
> Watson
>
> On Tue, Sep 3, 2024 at 3:40 AM Rifaat Shekh-Yusef
> <rifaat.s.ietf@gmail.com> wrote:
> >
> > All,
> >
> > As per the discussion in Vancouver, this is a WG Last Call for the SD-JWT document.
> > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
> >
> > Please, review this document and reply on the mailing list if you have any comments or concerns, by Sep 17th.
> >
> > Regards,
> > Rifaat & Hannes
>
> --
> Astra mortemque praestare gradatim