[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

Brian Campbell <bcampbell@pingidentity.com> Thu, 09 January 2025 18:25 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 09 Jan 2025 11:25:12 -0700
To: Watson Ladd <watsonbladd@gmail.com>
CC: Pierce Gorman <Pierce.Gorman@numeracle.com>, IETF oauth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ThXNjL1CecbLSp1yV0JwV1SRqsk>

On Thu, Jan 9, 2025 at 11:18 AM Watson Ladd <watsonbladd@gmail.com> wrote:

>
>
> On Thu, Jan 9, 2025, 10:14 AM Watson Ladd <watsonbladd@gmail.com> wrote:
>
>>
>>
>> On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman <Pierce.Gorman@numeracle.com>
>> wrote:
>>
>>> Hi Watson,
>>>
>>> I thought it was a good suggestion and am looking forward to feedback
>>> from others.
>>>
>>> I didn't understand the part of the statement in the penultimate
>>> sentence which says, "but cannot work for Issuers".  I should probably
>>> understand what you meant without having to ask, but I don't.
>>>
>>> Can you please elaborate what you meant about workarounds such as
>>> issuing multiple one-time-use credentials at once (if I understood that
>>> correctly) not working for issuers?
>>>
>>
>> Let's change that to "cannot prevent Issuers from linking issuance to
>> showing". Does that help?
>>
>
> Actually I see Brian already made a better edit to fix it in the PR
>

I think that particular edit should be credited to Danial but yes
