[OAUTH-WG] Re: -15 of SD-JWT
Brian Campbell <bcampbell@pingidentity.com> Wed, 22 January 2025 21:17 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ofEkwcXjAjK6JFzkHYNvvmXbF84>
Watson, I think perhaps there's a misalignment of goals here. My perspective is that the privacy considerations are good enough (and have been for several months now) for the draft to proceed and will likely be improved or changed more anyway during the course of shepherd, AD, directorate, and IESG reviews yet to come.

There were some accommodations made to hear your concerns and then incorporate text based on your most recent suggestion. From my point of view, this was an olive branch offered to help move the conversation forward. It was not intended as an invitation or obligation to introduce further, more significant changes.

I strongly believe it is time for this draft to progress, a sentiment I share with the draft co-editors and I think a significant portion of the working group participants. Once again, I respectfully request that the chairs initiate the document shepherding process.

On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd <watsonbladd@gmail.com> wrote:
> Brian,
>
> I'm glad we've finally reached rough consensus on adding the paragraph I've wanted since SF, and more importantly highlighting the issues that the security failures of SD-JWT make for users.
>
> However, the editorial issues with the verbosity of the privacy considerations remain, and have gotten worse. Is there really no way to condense it? I hoped that instead of my hamfisted mass deletion in the first PR we'd have a more careful rewrite of the preceding text in light of the new consensus to express, vs. not touching it.
>
> I think it would read better as follows:
>
> - Move the summary paragraph (with some edits (s/above/below/ etc)) to the top of the section
> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a careless," as it is subsumed by the summary entirely. We'll put the data minimization note in somewhere else
> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data minimization note here
>
> Probably this will need some more chopping at.
>
> IMHO it seems that rather than agree on what we want to say, then say it, we've agreed to say 3 or 4 different things all at the same time. I don't think that's actually recording agreement on the substance of what we want to say.
>
> When we talk about batch issuance we say it achieves presentation unlinkability. However, that's not how we defined presentation unlinkability, which applies to multiple showing of the same, not different credentials. I'm not really sure what to do with that: maybe "achieves" should become "works around the lack of". Or maybe we need a different notion of same, but that's going to force some very sweeping changes.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim
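The batch-issuance point in the quoted reply, worked through as an added example (this is not code from the original thread or from the SD-JWT draft): one SD-JWT shown to two verifiers is linkable through its issuer-signed part no matter which claims are disclosed, because the signature value and the `_sd` digests are the same in both presentations; two independently salted copies of the same claims, each shown once, are not linkable through that part. The disclosure, digest and `~`-separated combined format follow the draft; the HS256 shared-secret signature, the sample claims, the issuer key, and the `linkable_by_issuer_part` check are assumptions of this example (a real issuer uses an asymmetric JWS alg, and key binding is omitted).

```python
import base64
import hashlib
import hmac
import json
import secrets

# NOTE: the issuer key, the claim set and the HS256 stand-in signature are
# assumptions for this example; a real issuer signs with an asymmetric JWS alg.


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def make_disclosure(name: str, value) -> str:
    # Disclosure = base64url(JSON array [salt, claim name, claim value]).
    # The salt is fresh per disclosure, which is what makes re-issuance unlinkable.
    salt = b64url(secrets.token_bytes(16))
    return b64url(_json([salt, name, value]))


def digest(disclosure: str) -> str:
    # _sd_alg "sha-256": hash the US-ASCII bytes of the base64url disclosure string.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(claims: dict, key: bytes, always_disclosed: set) -> str:
    disclosures = [make_disclosure(n, v) for n, v in claims.items() if n not in always_disclosed]
    payload = {n: v for n, v in claims.items() if n in always_disclosed}
    payload["_sd"] = sorted(digest(d) for d in disclosures)  # must not leak claim order
    payload["_sd_alg"] = "sha-256"
    header = {"alg": "HS256"}  # stand-in for the issuer's asymmetric signature
    signing_input = b64url(_json(header)) + "." + b64url(_json(payload))
    signature = b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest())
    # Combined format without key binding: <JWT>~<Disclosure 1>~...~<Disclosure N>~
    return signing_input + "." + signature + "~" + "".join(d + "~" for d in disclosures)


def present(sd_jwt: str, names: set) -> str:
    # Holder keeps only the disclosures for the requested claim names.
    jwt, *disclosures = [p for p in sd_jwt.split("~") if p]
    chosen = [d for d in disclosures if json.loads(b64url_decode(d))[1] in names]
    return jwt + "~" + "".join(d + "~" for d in chosen)


def verify(presentation: str, key: bytes) -> dict:
    jwt, *disclosures = [p for p in presentation.split("~") if p]
    header_b64, payload_b64, signature = jwt.split(".")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, signature):
        raise ValueError("issuer signature does not verify")
    payload = json.loads(b64url_decode(payload_b64))
    covered = set(payload.pop("_sd"))
    payload.pop("_sd_alg")
    for d in disclosures:
        if digest(d) not in covered:
            raise ValueError("disclosure not covered by the issuer signature")
        _salt, name, value = json.loads(b64url_decode(d))
        payload[name] = value
    return payload


def linkable_by_issuer_part(p1: str, p2: str) -> bool:
    # Verifier/Verifier linkability through the issuer-signed part alone:
    # identical JWT (same signature value) or any shared _sd digest, even when
    # the two verifiers saw different disclosed claims. Disclosed claim values
    # themselves (e.g. an email address) are deliberately not considered here.
    j1, j2 = p1.split("~")[0], p2.split("~")[0]
    if j1 == j2:
        return True
    sd1 = set(json.loads(b64url_decode(j1.split(".")[1]))["_sd"])
    sd2 = set(json.loads(b64url_decode(j2.split(".")[1]))["_sd"])
    return bool(sd1 & sd2)


def demo() -> dict:
    key = b"demo-issuer-key"  # assumption: shared-secret stand-in for the issuer key
    claims = {"iss": "https://issuer.example", "given_name": "Alice",  # constructed sample
              "email": "alice@example.com", "age_over_18": True}
    always = {"iss"}
    # One SD-JWT shown twice with disjoint claim subsets: still linkable.
    single = issue(claims, key, always)
    p_a = present(single, {"given_name"})
    p_b = present(single, {"age_over_18"})
    # Batch issuance: two independently salted SD-JWTs over the same claims,
    # each shown once. Fresh salts give distinct digests and signatures.
    batch = [issue(claims, key, always) for _ in range(2)]
    q_a = present(batch[0], {"given_name"})
    q_b = present(batch[1], {"age_over_18"})
    return {
        "same_sd_jwt_linkable": linkable_by_issuer_part(p_a, p_b),
        "batch_linkable": linkable_by_issuer_part(q_a, q_b),
        "verified_batch_presentation": verify(q_a, key),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` gives `same_sd_jwt_linkable` true and `batch_linkable` false, which is the distinction the quoted reply draws: batch issuance works around the correlation that the issuer-signed part creates across presentations of the same credential, but it does not change what a verifier can correlate from disclosed claim values, and the issuer, which knows every salt, can still link any presentation back to issuance.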