On Thu, Jan 9, 2025, 12:29 PM Dean Saxe <dean.s...@beyondidentity.com> wrote:
> I agree with you, Paul. A statement that this is not anonymous should be > sufficient. > > -dhs > It isn't. The fact that this doesn't meet what everyone has for 2 decades held to be the definition of security in this area deserves to be explicitly and prominently recognized. It's not "some paper"- but the one that (unusually) nailed the definitions and almost all constructions on the first go around. Anything less risks people thinking this does more. That's why we've needed a short summary paragraph. > -- > Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> > Principal Engineer > Office of the CTO > Beyond Identity > dean.s...@beyondidentity.com > > > On Jan 9, 2025, at 12:10 PM, Paul Bastian <paul.bast...@posteo.de> wrote: > > It seems to me saying "SD-JWT is not an anonymous credential system > according to <link>" then seems sufficient, as most of the other text is > already present in the thorough unlinkability section. > > Also I see that it gets increasingly difficult, if drafts have to > enumerate all the things that they are not, this is a slippery slope that > may never be complete. > > Best, Paul > > On 1/9/25 8:32 PM, Watson Ladd wrote: > > On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe > > <dean.saxe=40beyondidentity....@dmarc.ietf.org> wrote: > > I’m struggling with the same thing. If there’s somewhere that this is > described/documented it should be linked from the text. I added the same > comment to the PR. > > > > https://www.google.com/url?q=https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535%23issuecomment-2580990520&source=gmail-imap&ust=1737058221000000&usg=AOvVaw2ZJTyUSYKf5i67EjayhT9A > > We can link to CL01, but I think there might be some easier to > > understand presentations. Will look. > > > -dhs > > -- > > Dean H. Saxe, CIDPRO > > Principal Engineer > > Office of the CTO > > Beyond Identity > > dean.s...@beyondidentity.com > > > > > > On Jan 9, 2025 at 10:20:56 AM, Paul Bastian <paul.bast...@posteo.de> > wrote: > > Hi Watson, > > > Could you please link the standard security notation for anonymous > credentials that you are referring to? > > > Best, Paul > > _______________________________________________ > > OAuth mailing list -- oauth@ietf.org > > To unsubscribe send an email to oauth-le...@ietf.org > > _______________________________________________ > > OAuth mailing list -- oauth@ietf.org > > To unsubscribe send an email to oauth-le...@ietf.org > > > >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
