[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.
Pierce Gorman <Pierce.Gorman@numeracle.com> Thu, 09 January 2025 20:35 UTC
From: Pierce Gorman <Pierce.Gorman@numeracle.com>
To: Dean Saxe <dean.saxe=40beyondidentity.com@dmarc.ietf.org>, Paul Bastian <paul.bastian@posteo.de>
CC: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Uwg15Ri6fSH18pMCxnp0A1JsRj8>

My experience has been that greater specificity is appreciated. I think consensus (where “consensus” != “unanimity”) is the most significant measure of whether a “draft is complete” (and that the ADs are satisfied). I’m not arguing that the more specific text be included. I’m saying do not be overly concerned if it is.

Pierce

From: Dean Saxe <dean.saxe=40beyondidentity.com@dmarc.ietf.org>
Sent: Thursday, January 9, 2025 2:29 PM
To: Paul Bastian <paul.bastian@posteo.de>
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

I agree with you, Paul. A statement that this is not anonymous should be sufficient.

-dhs

--
Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/>
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe@beyondidentity.com

On Jan 9, 2025, at 12:10 PM, Paul Bastian <paul.bastian@posteo.de> wrote:

It seems to me saying "SD-JWT is not an anonymous credential system according to <link>" then seems sufficient, as most of the other text is already present in the thorough unlinkability section. Also I see that it gets increasingly difficult, if drafts have to enumerate all the things that they are not, this is a slippery slope that may never be complete.

Best, Paul

On 1/9/25 8:32 PM, Watson Ladd wrote:

On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe <dean.saxe=40beyondidentity.com@dmarc.ietf.org> wrote:

I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR.

https://www.google.com/url?q=https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535%23issuecomment-2580990520&source=gmail-imap&ust=1737058221000000&usg=AOvVaw2ZJTyUSYKf5i67EjayhT9A

We can link to CL01, but I think there might be some easier to understand presentations. Will look.

-dhs

--
Dean H. Saxe, CIDPRO
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe@beyondidentity.com

On Jan 9, 2025 at 10:20:56 AM, Paul Bastian <paul.bastian@posteo.de> wrote:

Hi Watson,

Could you please link the standard security notation for anonymous credentials that you are referring to?

Best, Paul

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-leave@ietf.org