Consistently saying something isn't the same as gathering consensus about
what, if any, changes to make as a result of saying it. The IETF has a
consensus-based process for standards development and sometimes one
individual's viewpoint falls outside consensus. Repeatedly voicing the
viewpoint doesn't change that.

I suggest the WG proceed with submitting the draft to the IESG for
publication while noting in the Shepherd Write-Up that Watson has
repeatedly raised a concern about privacy implications and, despite changes
being made as a result, has raised the comment again. I believe it's
completely reasonable at this point to declare the comment as "in the
rough" with respect to the consensus of the WG.


On Fri, Oct 25, 2024 at 9:45 AM Watson Ladd <[email protected]> wrote:

> The privacy issues I have consistently raised have not been addressed
> through actionable text.
>
> Implementers are not receiving guidance with the current version. The
> actual risks are buried below a bunch of words talking around the
> issue.
>
> I'll be very clear: if a user uses this technology to pass an age
> verification filter, they will end up exposing their complete identity
> without knowing it. This is an unacceptable risk, and no one disagrees
> the technology poses it. Implementers will often not have the skills
> or knowledge to identify this concern independently, and need
> actionable guidance on how to mitigate it. We provide far more
> actionable guidance on storage of credentials.
>
> On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef
> <[email protected]> wrote:
> >
> > All,
> >
> > This is a short second WG Last Call for the SD-JWT document after the recent update based on the feedback provided during the first WGLC
> >
> > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt
> >
> > Please, review this document and reply on the mailing list if you have any comments or concerns, by Oct 25th.
> >
> > Regards,
> >   Rifaat & Hannes
> > _______________________________________________
> > OAuth mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
>
>
>
> --
> Astra mortemque praestare gradatim
>
>
