[OAUTH-WG] Re: -15 of SD-JWT

Brent Zundel <brent.zundel@mesur.io> Wed, 29 January 2025 15:48 UTC

From: Brent Zundel <brent.zundel@mesur.io>
Date: Wed, 29 Jan 2025 08:48:43 -0700
Message-ID: <CAK=m9GaTtjSL9N_iRxZnZk3GeEZ+V6xVf8pKJc_oC2mPQfB_Fw@mail.gmail.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
CC: oauth <oauth@ietf.org>, oauth-chairs@ietf.org
Subject: [OAUTH-WG] Re: -15 of SD-JWT
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Xl8YH8yngjhqkZCuE-pOvt9b3rU>

fwiw, I also believe the draft is ready to progress.

On Wed, Jan 22, 2025 at 2:17 PM Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:

> Watson,
>
> I think perhaps there's a misalignment of goals here.
>
> My perspective is that the privacy considerations are good enough (and
> have been for several months now) for the draft to proceed and will likely
> be improved or changed more anyway during the course of shepherd, AD,
> directorate, and IESG reviews yet to come.
>
> There were some accommodations made to hear your concerns and then
> incorporate text based on your most recent suggestion. From my point of
> view, this was an olive branch offered to help move the conversation
> forward. It was not intended as an invitation or obligation to introduce
> further, more significant changes.
>
> I strongly believe it is time for this draft to progress, a sentiment I
> share with the draft co-editors and I think a significant portion of the
> working group participants. Once again, I respectfully request that the
> chairs initiate the document shepherding process.
>
> On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd <watsonbladd@gmail.com> wrote:
>
>> Brian,
>>
>> I'm glad we've finally reached rough consensus on adding the paragraph
>> I've wanted since SF, and more importantly highlighting the issues
>> that the security failures of SD-JWT make for users.
>>
>> However, the editorial issues with the verbosity of the privacy
>> considerations remain, and have gotten worse. Is there really no way
>> to condense it? I hoped that instead of my hamfisted mass deletion in
>> the first PR we'd have a more careful rewrite of the preceding text in
>> light of the new consensus to express, vs. not touching it.
>>
>> I think it would read better as follows:
>>
>> - Move the summary paragraph (with some edits (s/above/below/ etc)) to
>> the top of the section
>> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a
>> careless," as it is subsumed by the summary entirely. We'll put the
>> data minimization note in somewhere else
>> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data
>> minimization note here
>>
>> Probably this will need some more chopping at.
>>
>> IMHO it seems that rather than agree on what we want to say, then say
>> it, we've agreed to say 3 or 4 different things all at the same time.
>> I don't think that's actually recording agreement on the substance of
>> what we want to say.
>>
>> When we talk about batch issuance we say it achieves presentation
>> unlinkability. However, that's not how we defined presentation
>> unlinkability, which applies to multiple showings of the same, not
>> different, credentials. I'm not really sure what to do with that: maybe
>> "achieves" should become "works around the lack of". Or maybe we need
>> a different notion of same, but that's going to force some very
>> sweeping changes.
>>
>> Sincerely,
>> Watson
>>
>> --
>> Astra mortemque praestare gradatim
>>