On Sat, Dec 21, 2024 at 1:37 PM Joseph Heenan <jos...@authlete.com> wrote:
> > < ... snip ... > > > The current text is clear that there are situations where issuer-verifier > linkability can’t be fully prevented. > > Process wide, I believe if you think the text currently in the > specification is inadequate, you need to make a concrete suggestion that > doesn’t introduce new problems and hence can gain consensus with working > group members. > > I believe this kinda gets at the heart of things here. It does for me anyway. There are indeed some legitimate and not obvious or intuitive privacy considerations inherent in salted-hash based selective disclosure mechanisms like SD-JWT (also SD-CWT, ISO mdoc/mDL, and probably others I'm unaware of) that deserve serious treatment in a prospective RFC. The authors on this draft have endeavored to provide thoughtful treatment of the topic(s) and believe that the current text, while obviously not perfect, is reasonably clear and provides sufficient discourse on the subject(s). Watson feels otherwise, which is a completely reasonable viewpoint. However, at this stage of things especially, I believe it is incumbent on him to provide a concrete suggestion that doesn't introduce new/unwanted problems and can be viewed as at least acceptable as rough consensus of the working group. This thread and several others of a very similar vein over the last few months suggests that, from my perspective as both draft author and WG participant anyway, the various proposals don't meet that bar. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
