I agree that the draft is ready to progress. I also agree with Brian
that the privacy considerations are good enough and have been for
several months already and are beyond what the average IETF Draft is
providing.
On 29.01.25 16:48, Brent Zundel wrote:
fwiw, I also believe the draft is ready to progress.
On Wed, Jan 22, 2025 at 2:17 PM Brian Campbell
<bcampbell=40pingidentity....@dmarc.ietf.org> wrote:
Watson,
I think perhaps there's a misalignment of goals here.
My perspective is that the privacy considerations are good enough
(and have been for several months now) for the draft to proceed
and will likely be improved or changed more anyway during the
course of shepherd, AD, directorate, and IESG reviews yet to come.
There were some accommodations made to hear your concerns and then
incorporate text based on your most recent suggestion. From my
point of view, this was an olive branch offered to help move the
conversation forward. It was not intended as an invitation or
obligation to introduce further, more significant changes.
I strongly believe it is time for this draft to progress, a
sentiment I share with the draft co-editors and I think a
significant portion of the working group participants. Once again,
I respectfully request that the chairs initiate the document
shepherding process.
On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd
<watsonbl...@gmail.com> wrote:
Brian,
I'm glad we've finally reached rough consensus on adding the
paragraph
I've wanted since SF, and more importantly highlighting the issues
that the security failures of SD-JWT makes for users.
However, the editorial issues with the verbosity of the privacy
considerations remains, and has gotten worse. Is there really
no way
to condense it? I hoped that instead of my hamfisted mass
deletion in
the first PR we'd have a more careful rewrite of the preceding
text in
light of the new consensus to express, vs. not touching it.
I think it would read better as follows:
- Move the summary paragraph (with some edits (s/above/below/
etc)) to
the top of the section
- Delete the paragraph that goes "Issuer/Verifier
unlinkability with a
careless," as it is subsumed by the summary entirely. We'll
put the
data minimization note in somewhere else
- "Contrary to that, Issuer/Verifier unlinkability" - add in
the data
minimization note here
Probably this will need some more chopping at.
IMHO it seems that rather than agree on what we want to say,
then say
it, we've agreed to say 3 or 4 different things all at the
same time.
I don't think that's actually recording agreement on the
substance of
what we want to say.
When we talk about batch issuance we say it achieves presentation
unlinkability. However, that's not how we defined presentation
unlinkability, which applies to multiple showing of the same, not
different credentials. I'm not really sure what to do with
that: maybe
"achieves" should become "works around the lack of". Or maybe
we need
a different notion of same, but that's going to force some very
sweeping changes.
Sincerely,
Watson
--
Astra mortemque praestare gradatim
/CONFIDENTIALITY NOTICE: This email may contain confidential and
privileged material for the sole use of the intended recipient(s).
Any review, use, distribution or disclosure by others is strictly
prohibited. If you have received this communication in error,
please notify the sender immediately by e-mail and delete the
message and any file attachments from your computer. Thank
you./_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
_______________________________________________
OAuth mailing list --oauth@ietf.org
To unsubscribe send an email tooauth-le...@ietf.org
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
