Perhaps you can write a draft describing your concerns. Suffice it to say that I don’t think you fully understand the requirements placed on the EUID wallet, nor the way the process to establish the EUID wallet works. For instance: anyone who claims to know what the EUID does or requires needs a cluebat for the simple reason that this is currently a negotiation where the outcome is not known. In particular your statement about what the EUID “mandates” is just not true. None of this is done yet.
I suggest the IETF focus on specs and basic standards and let governments figure out which, if any, of these apply.

Cheers Leif

> On 23 Aug 2023, at 07:32, Watson Ladd <watsonbl...@gmail.com> wrote:
>
> Dear all,
>
> I read with alarm that the EU Digital Wallet is mandating SD-JWT,
> perhaps under the illusion that it meets the standard, 22 year old
> security definition for schemes of this type. It of course doesn't, as
> said quite clearly in the security considerations section 10.4 and
> 10.5. Why on earth are we pursuing this "solution" when actual
> solutions to the problems presented have existed for 19 years? There's
> been substantial research on this area, as seen in Microsoft's U-Prove
> system just to name one instance.
>
> This is apparently an article of discussion on the EU Digital Wallet
> project as well, but I think the IETF needs to have its own discussion
> of the issues here and not just say "well, it would be nice if we had
> an RFC for this" especially given the negative privacy impacts.
>
> Sincerely,
> Watson Ladd
>
> PS: they appear quite aware, but apparently convening the right
> committee to approve the signature scheme is too hard. Anyway, not
> relevant to us in the IETF.
> --
> Astra mortemque praestare gradatim
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth