[OAUTH-WG] Re: -15 of SD-JWT
Watson Ladd <watsonbladd@gmail.com> Wed, 29 January 2025 18:08 UTC
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 29 Jan 2025 10:08:45 -0800
Message-ID: <CACsn0ck-aZaPOTWgFbLPN3zoJ+dRO5hPAaN=qA9=VmwQFp=97Q@mail.gmail.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
CC: oauth <oauth@ietf.org>, oauth-chairs@ietf.org
Subject: [OAUTH-WG] Re: -15 of SD-JWT
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/aVJQa5PCM0uJGZm6KvNCaESyjTs>
After discussion with the authors we've agreed that editorial improvements, including to the security considerations section, can happen later in the process, and that it shouldn't prevent advancing the draft.

On Thu, Jan 16, 2025 at 7:25 PM Watson Ladd <watsonbladd@gmail.com> wrote:
>
> Brian,
>
> I'm glad we've finally reached rough consensus on adding the paragraph
> I've wanted since SF, and more importantly highlighting the issues
> that the security failures of SD-JWT make for users.
>
> However, the editorial issue with the verbosity of the privacy
> considerations remains, and has gotten worse. Is there really no way
> to condense it? I hoped that instead of my hamfisted mass deletion in
> the first PR we'd have a more careful rewrite of the preceding text in
> light of the new consensus to express, vs. not touching it.
>
> I think it would read better as follows:
>
> - Move the summary paragraph (with some edits (s/above/below/ etc.)) to
>   the top of the section
> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a
>   careless," as it is subsumed by the summary entirely. We'll put the
>   data minimization note in somewhere else
> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data
>   minimization note here
>
> Probably this will need some more chopping at.
>
> IMHO it seems that rather than agree on what we want to say, then say
> it, we've agreed to say 3 or 4 different things all at the same time.
> I don't think that's actually recording agreement on the substance of
> what we want to say.
>
> When we talk about batch issuance we say it achieves presentation
> unlinkability. However, that's not how we defined presentation
> unlinkability, which applies to multiple showings of the same, not
> different, credentials. I'm not really sure what to do with that: maybe
> "achieves" should become "works around the lack of". Or maybe we need
> a different notion of same, but that's going to force some very
> sweeping changes.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim

--
Astra mortemque praestare gradatim
- [OAUTH-WG] -15 of SD-JWT Brian Campbell
- [OAUTH-WG] Re: -15 of SD-JWT Watson Ladd
- [OAUTH-WG] Re: -15 of SD-JWT Brian Campbell
- [OAUTH-WG] Re: -15 of SD-JWT Michael Prorock
- [OAUTH-WG] Re: -15 of SD-JWT Brent Zundel
- [OAUTH-WG] Re: -15 of SD-JWT Paul Bastian
- [OAUTH-WG] Re: -15 of SD-JWT Watson Ladd
- [OAUTH-WG] Re: -15 of SD-JWT Pierce Gorman
- [OAUTH-WG] Re: -15 of SD-JWT Daniel Fett
- [OAUTH-WG] Re: -15 of SD-JWT torsten