[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Pierce Gorman
overly concerned if it is. Pierce CONFIDENTIAL From: Dean Saxe Sent: Thursday, January 9, 2025 2:29 PM To: Paul Bastian Cc: oauth@ietf.org Subject: [OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations. EXTERNAL EMAIL I agree with you, Paul. A statement that this is

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 12:29 PM Dean Saxe wrote: > I agree with you, Paul. A statement that this is not anonymous should be > sufficient. > > -dhs > It isn't. The fact that this doesn't meet what everyone has for 2 decades held to be the definition of security in this area deserves to be explicit

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Dean Saxe
I agree with you, Paul. A statement that this is not anonymous should be sufficient. -dhs--Dean H. Saxe, CIDPROPrincipal EngineerOffice of the CTOBeyond Identitydean.s...@beyondidentity.comOn Jan 9, 2025, at 12:10 PM, Paul Bastian wrote:It seems to me saying "SD-JWT is not an anonymous credential

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Paul Bastian
It seems to me saying "SD-JWT is not an anonymous credential system according to " then seems sufficient, as most of the other text is already present in the thorough unlinkability section. Also I see that it gets increasingly difficult, if drafts have to enumerate all the things that they are

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe wrote: > > I’m struggling with the same thing. If there’s somewhere that this is > described/documented it should be linked from the text. I added the same > comment to the PR. > > https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535#iss

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Dean Saxe
I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR. https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535#issuecomment-2580990520 -dhs -- Dean H. Saxe, CIDPRO

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025 at 10:24 AM Paul Bastian wrote: > > Hi Watson, > > Could you please link the standard security notation for anonymous > credentials that you are referring to? https://eprint.iacr.org/2001/019 > > Best, Paul > ___ > OAuth mailing lis

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Brian Campbell
On Thu, Jan 9, 2025 at 11:18 AM Watson Ladd wrote: > > > On Thu, Jan 9, 2025, 10:14 AM Watson Ladd wrote: > >> >> >> On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman >> wrote: >> >>> Hi Watson, >>> >>> I thought it was a good suggestion and am looking forward to feedback >>> from others. >>> >>> I d

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Paul Bastian
Hi Watson, Could you please link the standard security notation for anonymous credentials that you are referring to? Best, Paul ___ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 10:14 AM Watson Ladd wrote: > > > On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman > wrote: > >> Hi Watson, >> >> I thought it was a good suggestion and am looking forward to feedback >> from others. >> >> I didn't understand the part of the statement in the penultimate sentence

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman wrote: > Hi Watson, > > I thought it was a good suggestion and am looking forward to feedback from > others. > > I didn't understand the part of the statement in the penultimate sentence > which says, "but cannot work for Issuers". I should probably un

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Pierce Gorman
Hi Watson, I thought it was a good suggestion and am looking forward to feedback from others. I didn't understand the part of the statement in the penultimate sentence which says, "but cannot work for Issuers". I should probably understand what you meant without having to ask, but I don't. C

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Brian Campbell
Pull request https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535 incorporates text based on this suggestion into the end of the Unlinkability subsection of the Privacy Considerations. Barring objections/concerns with this, we'll look to merge it and publish a new draft next week. O