On Fri, Nov 10, 2023 at 1:53 PM Orie Steele <[email protected]> wrote:
> Inline
>
> On Fri, Nov 10, 2023, 9:27 PM Brian Campbell <bcampbell=[email protected]> wrote:
>
>> I was rewarded for a comment in the meeting today* with an action item to start a discussion on-list. So here I am with that. It's difficult (for me anyway) to articulate some of this in writing, which is why I wanted to voice it in the meeting. But that got redirected back to the list so here's my attempt :)
>>
>> Basically my suggestion is/was that the JWP/JWA/JPT drafts should focus only on container formats and support for the newer cryptographic techniques, like BBS, that can provide both selective disclosure and unlinkability. And not try to do something with "traditional" cryptography and JWS that can only do selective disclosure. From my perspective it'd be preferable to have the overall JWP container/abstraction provide a more consistent set of security/privacy properties that doesn't vary by the algorithm (that kind of variance has been a problem in JWS, for example, where the same container can be asymmetrically signed, HMAC'd or not protected at all).
>
> I agree.
>
>> And I think it'd be good to have the general design be unencumbered by considerations trying to retrofit or account for the "legacy" stuff. The documents could be simplified (or at least made shorter and more focused) too by removing the "Single Use JWP" concept that uses multiple JWS values as well as the MAC JPA stuff.
>
> Move to a separate document? Or simply remove?

Simply remove. In my view anyway. Selective disclosure alone is achievable now with other things like SD-JWT. Let JWP focus on the newer stuff that can't be done with other formats/containers.

>> * which did also refer back to similar comments from the BoF @ IETF 114
>> https://mailarchive.ietf.org/arch/msg/jose/Qde04x9VqmhGavrlg2Gm_H54Zcc/

_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
