> On 29 Jul 2022, at 01:44, Vasileios Kalos <[email protected]> wrote:
>
> Hey all,
>
> What JWP allows that I find very useful is the following: the Verifier will learn nothing more than what the user reveals, even if they (the Verifier) cooperate with the Issuer (or anyone else).

Isn’t this somewhat overstating the likely privacy benefits? If the prover reveals _any_ PII to the verifier then the verifier can collaborate with the issuer to discover everything about that user. And we know from many studies on deanonymisation that it is very easy to accidentally reveal enough information to be identifiable. ZK proofs are nice and everything but they only ensure zero *additional* knowledge is gained by the verifier. In practice what is explicitly revealed is often enough.

IMO if you want to have any hope of actually achieving the privacy you want then you really need to design the entire protocol, including specifying exactly what information is to be revealed. I think designing a generic “privacy preserving” message container is likely to give people unrealistic expectations.

— Neil

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
