Watson,

I think perhaps there's a misalignment of goals here.

My perspective is that the privacy considerations are good enough (and have
been for several months now) for the draft to proceed and will likely be
improved or changed more anyway during the course of shepherd, AD,
directorate, and IESG reviews yet to come.

There were some accommodations made to hear your concerns and then
incorporate text based on your most recent suggestion. From my point of
view, this was an olive branch offered to help move the conversation
forward. It was not intended as an invitation or obligation to introduce
further, more significant changes.

I strongly believe it is time for this draft to progress, a sentiment I
share with the draft co-editors and I think a significant portion of the
working group participants. Once again, I respectfully request that the
chairs initiate the document shepherding process.





On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd <watsonbl...@gmail.com> wrote:

> Brian,
>
> I'm glad we've finally reached rough consensus on adding the paragraph
> I've wanted since SF, and more importantly highlighting the issues
> that the security failures of SD-JWT make for users.
>
> However, the editorial issues with the verbosity of the privacy
> considerations remain, and have gotten worse. Is there really no way
> to condense it? I hoped that instead of my hamfisted mass deletion in
> the first PR we'd have a more careful rewrite of the preceding text in
> light of the new consensus to express, vs. not touching it.
>
> I think it would read better as follows:
>
> - Move the summary paragraph (with some edits (s/above/below/ etc)) to
> the top of the section
> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a
> careless," as it is subsumed by the summary entirely. We'll put the
> data minimization note in somewhere else
> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data
> minimization note here
>
> Probably this will need some more chopping at.
>
> IMHO it seems that rather than agree on what we want to say, then say
> it, we've agreed to say 3 or 4 different things all at the same time.
> I don't think that's actually recording agreement on the substance of
> what we want to say.
>
> When we talk about batch issuance we say it achieves presentation
> unlinkability. However, that's not how we defined presentation
> unlinkability, which applies to multiple showings of the same, not
> different credentials. I'm not really sure what to do with that: maybe
> "achieves" should become "works around the lack of". Or maybe we need
> a different notion of same, but that's going to force some very
> sweeping changes.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim
>

_______________________________________________
OAuth mailing list -- oauth@ietf.org