Thanks Neil, That is indeed an error. Thanks for catching that. We'll get it fixed. I see how that other part is a bit confusing too and will look at improving how those pieces flow together. And also maybe fix some other stuff in that area while we're at it, like inadequate salt length in at least one of the disclosures in 5.2.3.
On Wed, Sep 4, 2024 at 9:17 AM Neil Madden <neil.e.mad...@gmail.com> wrote: > I haven’t read the latest draft in a lot of detail, but I did check over > the cryptographic details again and everything seems reasonable to me. > > One error I noticed in section 5.2.4.1: > > "For example, using the digest of the object property Disclosure created > above, the Issuer could create the following SD-JWT payload to make > given_name selectively disclosable” > > I believe this should say “family_name”, as that is what is in the > disclosure hash (the given_name is represented directly in the claims). > > (Also, where it references “the Disclosure claim created above”, it should > probably explicitly say “in section 5.2.3”, but even that is still a bit > confusing as there are two disclosures created in that section and neither > lists the actual content of the disclosure being hashed). > > Other than that, it looks in good shape. > > — Neil > > On 3 Sep 2024, at 11:39, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> > wrote: > > All, > > As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT > *document. > > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html > > Please, review this document and reply on the mailing list if you have any > comments or concerns, by *Sep 17th*. > > Regards, > Rifaat & Hannes > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org > > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
