Hi Brian,

The word "*Untrackability*" is not currently present. In other words, it refers to the ability for an Issuer to act as *Big Brother*.

This word allows one to immediately make a difference between concerns that apply to Issuers (*Untrackability*)
and different concerns that apply to Verifiers (*Unlinkability*).

Furthermore, the proposed text highlights the fact that *linkability* can happen either:

 * because of a collusion between verifiers, or
 * because a verifier publicly disclosed some digital presentations or
   some of their content, or
 * because there was an unintentional leak of digital presentations or
   some of their content, due to a security incident.

Denis

I'm not sure what the issue is but it appears commenting on the pull request is possible because your comment shows up (twice even).

That said, I believe the sentiment of your suggestions here is already in the content of the PR but just organized/expressed somewhat differently (in a style more natural to the author).

On Fri, Feb 9, 2024 at 2:43 AM Denis <denis.i...@free.fr> wrote:

    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/354

    Since this pull request is blocked, I could not post a comment.

    Instead of one section about "Unlinkability" (12.4), there should
    be two sections:

    "*Unlinkability between Verifiers*" means that:

        1) if two Verifiers are colluding, they should not be able to
           know whether two different presentations are presented by
           the same user.

        2) If a presentation, presented to a Verifier, is voluntarily
           publicly revealed at the initiative of that Verifier or is
           involuntarily revealed after a data breach that happened to
           that Verifier, other Verifiers should not be able to know
           that different presentations were presented by the same user.

    "*Untrackability by an Issuer*" means that an Issuer should not be
    able to know to which Verifier a digital presentation will be or
    has been presented by a user.

        Note: In this case, there is no need to have a collusion
        between an Issuer and a Verifier.

    Denis




    _______________________________________________
    OAuth mailing list
    OAuth@ietf.org
    https://www.ietf.org/mailman/listinfo/oauth

