[OAUTH-WG] Re: Second WGLC for SD-JWT
Brian Campbell <bcampbell@pingidentity.com> Tue, 12 November 2024 23:59 UTC
To: Watson Ladd <watsonbladd@gmail.com>
CC: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PxmObZi-C2aV54DOrBe8dVspsL8>

Consistently saying something isn't the same as gathering consensus about what, if any, changes to make as a result of saying it. The IETF has a consensus-based process for standards development and sometimes one individual's viewpoint falls outside consensus. Repeatedly voicing the viewpoint doesn't change that.

I suggest the WG proceed with submitting the draft to the IESG for publication while noting in the Shepherd Write-Up that Watson has repeatedly raised a concern about privacy implications and, despite changes being made as a result, has raised the comment again. I believe it's completely reasonable at this point to declare the comment as "in the rough" with respect to the consensus of the WG.

On Fri, Oct 25, 2024 at 9:45 AM Watson Ladd <watsonbladd@gmail.com> wrote:

> The privacy issues I have consistently raised have not been addressed
> through actionable text.
>
> Implementers are not receiving guidance with the current version. The
> actual risks are buried below a bunch of words talking around the
> issue.
>
> I'll be very clear: if a user uses this technology to pass an age
> verification filter, they will end up exposing their complete identity
> without knowing it. This is an unacceptable risk, and no one disagrees
> the technology poses it. Implementers will often not have the skills
> or knowledge to identify this concern independently, and need
> actionable guidance on how to mitigate it. We provide far more
> actionable guidance on storage of credentials.
>
> On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef
> <rifaat.s.ietf@gmail.com> wrote:
> >
> > All,
> >
> > This is a short second WG Last Call for the SD-JWT document after the recent update based on the feedback provided during the first WGLC
> > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt
> >
> > Please, review this document and reply on the mailing list if you have any comments or concerns, by Oct 25th.
> >
> > Regards,
> > Rifaat & Hannes
>
> --
> Astra mortemque praestare gradatim