[OAUTH-WG] Re: -15 of SD-JWT
Pierce Gorman <Pierce.Gorman@numeracle.com> Wed, 29 January 2025 21:15 UTC
From: Pierce Gorman <Pierce.Gorman@numeracle.com>
To: Watson Ladd <watsonbladd@gmail.com>, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Date: Wed, 29 Jan 2025 21:15:38 +0000
CC: oauth <oauth@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/zf8kUVI40GsHS-bvJyLH2QqyR48>
+1 on advancing the draft.

-----Original Message-----
From: Watson Ladd <watsonbladd@gmail.com>
Sent: Wednesday, January 29, 2025 12:09 PM
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Cc: oauth <oauth@ietf.org>; oauth-chairs@ietf.org
Subject: [OAUTH-WG] Re: -15 of SD-JWT

After discussion with the authors we've agreed that editorial improvements, including to the security considerations section, can happen later in the process, and that it shouldn't prevent advancing the draft.

On Thu, Jan 16, 2025 at 7:25 PM Watson Ladd <watsonbladd@gmail.com> wrote:
>
> Brian,
>
> I'm glad we've finally reached rough consensus on adding the paragraph I've wanted since SF, and more importantly highlighting the issues that the security failures of SD-JWT make for users.
>
> However, the editorial issues with the verbosity of the privacy considerations remain, and have gotten worse. Is there really no way to condense it? I hoped that instead of my hamfisted mass deletion in the first PR we'd have a more careful rewrite of the preceding text in light of the new consensus to express, vs. not touching it.
>
> I think it would read better as follows:
>
> - Move the summary paragraph (with some edits (s/above/below/ etc.)) to the top of the section
> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a careless," as it is subsumed by the summary entirely. We'll put the data minimization note in somewhere else
> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data minimization note here
>
> Probably this will need some more chopping at.
>
> IMHO it seems that rather than agree on what we want to say, then say it, we've agreed to say 3 or 4 different things all at the same time. I don't think that's actually recording agreement on the substance of what we want to say.
>
> When we talk about batch issuance we say it achieves presentation unlinkability. However, that's not how we defined presentation unlinkability, which applies to multiple showings of the same, not different, credentials. I'm not really sure what to do with that: maybe "achieves" should become "works around the lack of". Or maybe we need a different notion of same, but that's going to force some very sweeping changes.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim

--
Astra mortemque praestare gradatim