I'm not sure what the issue is but it appears commenting on the pull request is possible because your comment shows up (twice even).
That said, I believe the sentiment of your suggestions here are already in the content of the PR but just organized/expressed somewhat differently (in a style more natural to the author). On Fri, Feb 9, 2024 at 2:43 AM Denis <denis.i...@free.fr> wrote: > https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/354 > > Since this pull request is blocked, I could not post a comment. > > Instead of one section about "Unlinkability" (12.4), there should be two > sections: > > "*Unlinkability between Verifiers*" means that : > > 1) if two Verifiers are colluding, they should not be able to know > whether two different presentations are presented by the same user. > > 2) If a presentation,presented to a Verifier, is voluntarily > publicly revealed at the initiative of that Verifier or is involuntarily > revealed > after a data breach that happened to that Verifier, other > Verifiers should not be able to know that different presentations were > presented > by the same user. > > "*Untrackability by* *an **Issuer*" means that an Issuer should not > be able to know to which Verifier a digital presentation will be > or has been presented by a user. > > Note: In this case, there is no need to have a collusion between an > Issuer and a Verifier. > > Denis > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
