[OAUTH-WG] Re: Second WGLC for SD-JWT
Daniel Fett <mail@danielfett.de> Wed, 13 November 2024 15:50 UTC
Return-Path: <mail@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9D6C15152F for <oauth@ietfa.amsl.com>; Wed, 13 Nov 2024 07:50:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZryhB9rajqT1 for <oauth@ietfa.amsl.com>; Wed, 13 Nov 2024 07:50:07 -0800 (PST)
Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [IPv6:2001:67c:2050:0:465::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9193EC14F6B7 for <oauth@ietf.org>; Wed, 13 Nov 2024 07:50:07 -0800 (PST)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4XpSQy5dNfz9svF for <oauth@ietf.org>; Wed, 13 Nov 2024 16:50:02 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=MBO0001; t=1731513002; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=d7K8hcH3YEZmSYcaQdNsVwkrzVN5yaqiVKYPlC8fvuA=; b=CB7I/WIlymDlvkNOJLfJmKblalxyUutt3ciU9XQg2SBdkGmED22RLkVoyxBC8yJsbGjOg1 FIULkLmual5Y2bw2UoBX5YwP04d9Mzj0CSScr1ymt5A6bidu4IPZm12UK5+r1DEUNN2bzJ Tt9quKfCwGWxz8G2yqZ0T2b18xeKp3W5ACSDt5Z4RHbM1Whkod4/L4rNuiNCrbR+c3HSFi ytZEjO/dMDPFM0Zltt/JlK/GLTTrhjZPYLy6wU5r9LfBY0SqgkGsNzJcTrK4bTzs6t8Ne+ 0iAA2j0vYkHKYoDur28Jd77qRjA/USYBlLit4A8QfANli3RzR1RB/b2vWUZmjw==
Content-Type: multipart/alternative; boundary="------------aOMA07pcHgv60wZu00MjAevL"
Message-ID: <73c03d2e-f629-4096-8796-8e3965df909e@danielfett.de>
Date: Wed, 13 Nov 2024 16:49:54 +0100
MIME-Version: 1.0
To: oauth@ietf.org
References: <CADNypP9aEU4Ka+0u8PQ3W+jmLN5c6NK77i25Wo9bxquML5Ky2w@mail.gmail.com> <CACsn0ckMs=7St7hNPGb29yKjm3SBnC1pBJiuNyXRCT4Edg9mEg@mail.gmail.com> <CA+k3eCR9dZsj1ZQVT4nWrHzh0vGouzbD1cOEtBvD5WbXosOMXQ@mail.gmail.com> <CACsn0c=wiCU_XEdXzTz_tmVA-WHmVQOkS3Zobe8bU=VQP_Jaog@mail.gmail.com>
Content-Language: en-US
From: Daniel Fett <mail@danielfett.de>
In-Reply-To: <CACsn0c=wiCU_XEdXzTz_tmVA-WHmVQOkS3Zobe8bU=VQP_Jaog@mail.gmail.com>
X-Rspamd-Queue-Id: 4XpSQy5dNfz9svF
Message-ID-Hash: KGJRZT7VNOJ7PRTKADMPJ2PU6CPZUI4H
X-Message-ID-Hash: KGJRZT7VNOJ7PRTKADMPJ2PU6CPZUI4H
X-MailFrom: mail@danielfett.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Second WGLC for SD-JWT
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/czP1cGb_jPHvoA4hS6Y_51APMlY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Am 13.11.24 um 02:04 schrieb Watson Ladd: > > I'd appreciate if others would weigh in, particularly if they haven't > followed this debate before. Happy to - as a co-author of the draft, I think that the current text addresses this risk sufficiently. Besides that, I'd second what Brian said. -Daniel > > > On Tue, Nov 12, 2024, 3:59 PM Brian Campbell > <bcampbell@pingidentity.com> wrote: > > Consistently saying something isn't the same as gathering > consensus about what, if any, changes to make as a result of > saying it. The IETF has a consensus-based process for standards > development and sometimes one individual's viewpoint falls outside > consensus. Repeatedly voicing the viewpoint doesn't change that. > > I suggest the WG proceed with submitting the draft to the IESG for > publication while noting in the Shepherd Write-Up that Watson has > repeatedly raised a concern about privacy implications and, > despite changes being made as a result, has raised the comment > again. I believe it's completely reasonable at this point to > declare the comment as "in the rough" with respect to the > consensus of the WG. > > > On Fri, Oct 25, 2024 at 9:45 AM Watson Ladd > <watsonbladd@gmail.com> wrote: > > The privacy issues I have consistently raised have not been > addressed > through actionable text. > > Implementers are not receiving guidance with the current > version. The > actual risks are buried below a bunch of words talking around the > issue. > > I'll be very clear: if a user uses this technology to pass an age > verification filter, they will end up exposing their complete > identity > without knowing it. This is an unacceptable risk, and no one > disagrees > the technology poses it. Implementers will often not have the > skills > or knowledge to identify this concern independently, and need > actionable guidance on how to mitigate it. We provide far more > actionable guidance on storage of credentials. > > On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef > <rifaat.s.ietf@gmail.com> wrote: > > > > All, > > > > This is a short second WG Last Call for the SD-JWT document > after the recent update based on the feedback provided during > the first WGLC > > > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt > > > > Please, review this document and reply on the mailing list > if you have any comments or concerns, by Oct 25th. > > > > Regards, > > Rifaat & Hannes > > _______________________________________________ > > OAuth mailing list -- oauth@ietf.org > > To unsubscribe send an email to oauth-leave@ietf.org > > > > -- > Astra mortemque praestare gradatim > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org > > > /CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). > Any review, use, distribution or disclosure by others is strictly > prohibited. If you have received this communication in error, > please notify the sender immediately by e-mail and delete the > message and any file attachments from your computer. Thank you./ > > > _______________________________________________ > OAuth mailing list --oauth@ietf.org > To unsubscribe send an email tooauth-leave@ietf.org
- [OAUTH-WG] Second WGLC for SD-JWT Rifaat Shekh-Yusef
- [OAUTH-WG] Re: Second WGLC for SD-JWT Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Watson Ladd
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Watson Ladd
- [OAUTH-WG] Re: Second WGLC for SD-JWT Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Tom Jones
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Paul Bastian
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis