+1 Paul Likewise believe this is ready to progress On Wed, Jan 29, 2025, 12:04 Paul Bastian <paul.bast...@posteo.de> wrote:
> I agree that the draft is ready to progress. I also agree with Brian that > the privacy considerations are good enough and have been for several months > already and are beyond what the average IETF Draft is providing. > On 29.01.25 16:48, Brent Zundel wrote: > > fwiw, I also believe the draft is ready to progress. > > On Wed, Jan 22, 2025 at 2:17 PM Brian Campbell <bcampbell= > 40pingidentity....@dmarc.ietf.org> wrote: > >> Watson, >> >> I think perhaps there's a misalignment of goals here. >> >> My perspective is that the privacy considerations are good enough (and >> have been for several months now) for the draft to proceed and will likely >> be improved or changed more anyway during the course of shepherd, AD, >> directorate, and IESG reviews yet to come. >> >> There were some accommodations made to hear your concerns and then >> incorporate text based on your most recent suggestion. From my point of >> view, this was an olive branch offered to help move the conversation >> forward. It was not intended as an invitation or obligation to introduce >> further, more significant changes. >> >> I strongly believe it is time for this draft to progress, a sentiment I >> share with the draft co-editors and I think a significant portion of the >> working group participants. Once again, I respectfully request that the >> chairs initiate the document shepherding process. >> >> >> >> >> >> On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd <watsonbl...@gmail.com> >> wrote: >> >>> Brian, >>> >>> I'm glad we've finally reached rough consensus on adding the paragraph >>> I've wanted since SF, and more importantly highlighting the issues >>> that the security failures of SD-JWT makes for users. >>> >>> However, the editorial issues with the verbosity of the privacy >>> considerations remains, and has gotten worse. Is there really no way >>> to condense it? I hoped that instead of my hamfisted mass deletion in >>> the first PR we'd have a more careful rewrite of the preceding text in >>> light of the new consensus to express, vs. not touching it. >>> >>> I think it would read better as follows: >>> >>> - Move the summary paragraph (with some edits (s/above/below/ etc)) to >>> the top of the section >>> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a >>> careless," as it is subsumed by the summary entirely. We'll put the >>> data minimization note in somewhere else >>> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data >>> minimization note here >>> >>> Probably this will need some more chopping at. >>> >>> IMHO it seems that rather than agree on what we want to say, then say >>> it, we've agreed to say 3 or 4 different things all at the same time. >>> I don't think that's actually recording agreement on the substance of >>> what we want to say. >>> >>> When we talk about batch issuance we say it achieves presentation >>> unlinkability. However, that's not how we defined presentation >>> unlinkability, which applies to multiple showing of the same, not >>> different credentials. I'm not really sure what to do with that: maybe >>> "achieves" should become "works around the lack of". Or maybe we need >>> a different notion of same, but that's going to force some very >>> sweeping changes. >>> >>> Sincerely, >>> Watson >>> >>> -- >>> Astra mortemque praestare gradatim >>> >> >> *CONFIDENTIALITY NOTICE: This email may contain confidential and >> privileged material for the sole use of the intended recipient(s). Any >> review, use, distribution or disclosure by others is strictly prohibited. >> If you have received this communication in error, please notify the sender >> immediately by e-mail and delete the message and any file attachments from >> your computer. Thank you.*_______________________________________________ >> OAuth mailing list -- oauth@ietf.org >> To unsubscribe send an email to oauth-le...@ietf.org >> > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
