+1
On 30 Jan 2025, 18:41 +0100, Daniel Fett <mail=40danielfett...@dmarc.ietf.org> wrote:
> +1
> (not confidential)
> On 29.01.25 at 22:15, Pierce Gorman wrote:
> > +1 on advancing the draft.
> >
> >
> > CONFIDENTIAL
> > -----Original Message-----
> > From: Watson Ladd <watsonbl...@gmail.com>
> > Sent: Wednesday, January 29, 2025 12:09 PM
> > To: Brian Campbell <bcampbell=40pingidentity....@dmarc.ietf.org>
> > Cc: oauth <oauth@ietf.org>; oauth-cha...@ietf.org
> > Subject: [OAUTH-WG] Re: -15 of SD-JWT
> >
> > EXTERNAL EMAIL
> >
> > After discussion with the authors we've agreed that editorial improvements, 
> > including to the security considerations section, can happen later in the 
> > process, and that it shouldn't prevent advancing the draft.
> >
> > On Thu, Jan 16, 2025 at 7:25 PM Watson Ladd <watsonbl...@gmail.com> wrote:
> > > Brian,
> > >
> > > I'm glad we've finally reached rough consensus on adding the paragraph
> > > I've wanted since SF, and more importantly highlighting the issues
> > > > that the security failures of SD-JWT make for users.
> > >
> > > However, the editorial issues with the verbosity of the privacy
> > > > considerations remain, and have gotten worse. Is there really no way
> > > to condense it? I hoped that instead of my hamfisted mass deletion in
> > > the first PR we'd have a more careful rewrite of the preceding text in
> > > light of the new consensus to express, vs. not touching it.
> > >
> > > I think it would read better as follows:
> > >
> > > - Move the summary paragraph (with some edits (s/above/below/ etc)) to
> > > the top of the section
> > > - Delete the paragraph that goes "Issuer/Verifier unlinkability with a
> > > careless," as it is subsumed by the summary entirely. We'll put the
> > > data minimization note in somewhere else
> > > - "Contrary to that, Issuer/Verifier unlinkability" - add in the data
> > > minimization note here
> > >
> > > Probably this will need some more chopping at.
> > >
> > > IMHO it seems that rather than agree on what we want to say, then say
> > > it, we've agreed to say 3 or 4 different things all at the same time.
> > > I don't think that's actually recording agreement on the substance of
> > > what we want to say.
> > >
> > > When we talk about batch issuance we say it achieves presentation
> > > unlinkability. However, that's not how we defined presentation
> > > > unlinkability, which applies to multiple showings of the same, not
> > > different credentials. I'm not really sure what to do with that: maybe
> > > "achieves" should become "works around the lack of". Or maybe we need
> > > a different notion of same, but that's going to force some very
> > > sweeping changes.
> > >
> > > Sincerely,
> > > Watson
> > >
> > > --
> > > Astra mortemque praestare gradatim
> >
> >
> > --
> > Astra mortemque praestare gradatim
> >
> > _______________________________________________
> > OAuth mailing list -- oauth@ietf.org
> > To unsubscribe send an email to oauth-le...@ietf.org