How were you planning on conveying a partially detached payload in JSON and CBOR?
Were you planning to propose the use of crit as in: https://datatracker.ietf.org/doc/html/rfc7797 ? Why was this partially detached payload option discussed? What syntax was proposed or reasoning for exploring this was provided? It sounds like a bad idea (for the reasons you mentioned). OS On Mon, Sep 16, 2024 at 3:47 PM David Waite <david= [email protected]> wrote: > In (the just published) draft 06 of JSON Web Proof, an addition was made > calling out fully detached payloads, similar to detached content in JWS [1] > . This allows for an application to remove all payloads from a serialized > form, with the idea that the application provides instructions for a > recipient to reconstruct the ordered set of payloads. > > One additional option which was discussed was the possibility of partially > detached payloads. In this case, a subset of the payloads could be omitted, > while others are still included within the JWP. > > In addition to increased implementation complexity, this carries with it > the risk that a recipient (such as a verifier of a presentation) will not > have obvious differentiation between a payload which has been redacted, and > one that it is expected to be provided as part of application-specific > logic. > > As troubleshooting of cryptographic verification is already a significant > challenge, I wanted to get feedback from this group - would partial > detachment be something you would have a use case for that would justify > specifying behavior here? Alternatively, does it seem like something we > should actively discourage? > > -DW > > [1]: > https://www.ietf.org/archive/id/draft-ietf-jose-json-web-proof-06.html#name-detached-payloads > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
