[OAUTH-WG] Re: Second WGLC for SD-JWT
Denis <denis.ietf@free.fr> Fri, 25 October 2024 20:09 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 063F4C151990 for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2024 13:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLXHU5Wx-SF2 for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2024 13:09:36 -0700 (PDT)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [IPv6:2a01:e0c:1:1599::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07DC1C15198B for <oauth@ietf.org>; Fri, 25 Oct 2024 13:09:36 -0700 (PDT)
Received: from [192.168.1.11] (unknown [90.91.46.145]) (Authenticated sender: pinkas@free.fr) by smtp6-g21.free.fr (Postfix) with ESMTPSA id 2AE4B78032A; Fri, 25 Oct 2024 22:09:31 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------AVJYdU6fvDS00lILm39k0nGh"
Message-ID: <e782b5d9-a095-422e-8371-676b571e40a3@free.fr>
Date: Fri, 25 Oct 2024 22:09:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Watson Ladd <watsonbladd@gmail.com>
References: <CADNypP9aEU4Ka+0u8PQ3W+jmLN5c6NK77i25Wo9bxquML5Ky2w@mail.gmail.com> <CACsn0ckMs=7St7hNPGb29yKjm3SBnC1pBJiuNyXRCT4Edg9mEg@mail.gmail.com>
Content-Language: en-GB
From: Denis <denis.ietf@free.fr>
In-Reply-To: <CACsn0ckMs=7St7hNPGb29yKjm3SBnC1pBJiuNyXRCT4Edg9mEg@mail.gmail.com>
Message-ID-Hash: CBMQJCGCDEPQGTOODMZ3IF6I4WVSE6XD
X-Message-ID-Hash: CBMQJCGCDEPQGTOODMZ3IF6I4WVSE6XD
X-MailFrom: denis.ietf@free.fr
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: oauth <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Second WGLC for SD-JWT
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/nypJ69Fc40BWd4MdJjFAsHCQZiQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Hi Watson, 1) You wrote: if a user uses this technology to pass an age verification filter, they will end up exposing their complete identity without knowing it. When reading the current draft, I understand that your position looks correct. However, it is possible to only reveal that an End-User is over 18 without revealing his complete identity, but this can only be achieved if collusion / collaborative attacks between End-users against a Verifier can be prevented. See my comments: *33.**Section 9.5 (Key Binding), * * * ***24.**Section 5.1.2* *27.**Section 4.3.2 (Validating the Key Binding JWT)* which indicates that an additional claim is REQUIRED in that case: * -hchar: REQUIRED.This claim allows the Verifier to know specific characteristics of the Holder (holder characteristics), in particular whether some of these characteristics are able to counter Holder collaborative attacks against a Verifier. * 2) On 31/07/2024 under the topic "[OAUTH-WG] Re: We cannot trust Issuers", See: https://mailarchive.ietf.org/arch/msg/oauth/-nmcr36-4qg7NuoXhiuP1nwJonQ/ you wrote: I've opened https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/448 as a step torwads this. On Mon, 2024-07-22 at 19:43 -0400, Richard Barnes wrote: I would observe that any solution based on garden-variety digital signature (not something zero-knowledge like BBS / JWP) will have problems with issuer/verifier collusion.One-time tokens and batch issuance don't help.There is no such thing as SD-JWT with issuer/verifier collusion resistance.At best you could have SD-JWP. I don't think this needs to be a blocker on SD-JWT.There are use cases that don't require issuer/verifier collusion resistance.We should be clear on the security considerations and warn people away who care about issuer/verifier collusion resistance, and accelerate work on SD-JWP if that's an important property to folks. (...) There is an attempt at a discussion around unlinkablity in the privacy considerations at https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-unlinkability currently. Concrete suggestions to that text about how to better frame the risks and difficulties around Issuer/Verifier Unlinkability (perhaps especially with respect to something like a government issuer compelling collusion from verifiers) would be welcome for consideration. In my comment numbered 36. New Section 10.2 (Intrackability), I have purposely not used the word "unlinkability" for that case, but the word "untrackability". A major advantage is that an Issuer *alone* cannot *track* the End-User activities. It has been advertised that concrete suggestions "would be welcome for consideration". I have provided concrete suggestions to that text about how to better frame the risks and difficulties around this issue in my comment numbered 36. . When both the Verifier and the Issuer are forced to collaborate, e.g., upon the request from a national authority, a means to mitigate the risk is indicated. Denis > The privacy issues I have consistently raised have not been addressed > through actionable text. > > Implementers are not receiving guidance with the current version. The > actual risks are buried below a bunch of words talking around the > issue. > > I'll be very clear: if a user uses this technology to pass an age > verification filter, they will end up exposing their complete identity > without knowing it. This is an unacceptable risk, and no one disagrees > the technology poses it. Implementers will often not have the skills > or knowledge to identify this concern independently, and need > actionable guidance on how to mitigate it. We provide far more > actionable guidance on storage of credentials. > > On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef > <rifaat.s.ietf@gmail.com> wrote: >> All, >> >> This is a short second WG Last Call for the SD-JWT document after the recent update based on the feedback provided during the first WGLC >> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt >> >> Please, review this document and reply on the mailing list if you have any comments or concerns, by Oct 25th. >> >> Regards, >> Rifaat & Hannes >> _______________________________________________ >> OAuth mailing list --oauth@ietf.org >> To unsubscribe send an email tooauth-leave@ietf.org > >
- [OAUTH-WG] Second WGLC for SD-JWT Rifaat Shekh-Yusef
- [OAUTH-WG] Re: Second WGLC for SD-JWT Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Watson Ladd
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis
- [OAUTH-WG] Re: Second WGLC for SD-JWT Watson Ladd
- [OAUTH-WG] Re: Second WGLC for SD-JWT Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Tom Jones
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Daniel Fett
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Paul Bastian
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Brian Campbell
- [OAUTH-WG] Re: Second WGLC for SD-JWT: 41 issues … Denis