Brian, I think we all agree on the technical issue here and it's implications. The question should be tightened to the adequacy of the advice given for dealing with it.
Age verification is an application that people will want to use and a clear statement that that's not a good idea is needed here. Otherwise we're ignoring our ethical responsibilities to the public. I'd appreciate if others would weigh in, particularly if they haven't followed this debate before. On Tue, Nov 12, 2024, 3:59 PM Brian Campbell <[email protected]> wrote: > Consistently saying something isn't the same as gathering consensus about > what, if any, changes to make as a result of saying it. The IETF has a > consensus-based process for standards development and sometimes one > individual's viewpoint falls outside consensus. Repeatedly voicing the > viewpoint doesn't change that. > > I suggest the WG proceed with submitting the draft to the IESG for > publication while noting in the Shepherd Write-Up that Watson has > repeatedly raised a concern about privacy implications and, despite changes > being made as a result, has raised the comment again. I believe it's > completely reasonable at this point to declare the comment as "in the > rough" with respect to the consensus of the WG. > > > On Fri, Oct 25, 2024 at 9:45 AM Watson Ladd <[email protected]> wrote: > >> The privacy issues I have consistently raised have not been addressed >> through actionable text. >> >> Implementers are not receiving guidance with the current version. The >> actual risks are buried below a bunch of words talking around the >> issue. >> >> I'll be very clear: if a user uses this technology to pass an age >> verification filter, they will end up exposing their complete identity >> without knowing it. This is an unacceptable risk, and no one disagrees >> the technology poses it. Implementers will often not have the skills >> or knowledge to identify this concern independently, and need >> actionable guidance on how to mitigate it. We provide far more >> actionable guidance on storage of credentials. >> >> On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef >> <[email protected]> wrote: >> > >> > All, >> > >> > This is a short second WG Last Call for the SD-JWT document after the >> recent update based on the feedback provided during the first WGLC >> > >> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt >> > >> > Please, review this document and reply on the mailing list if you have >> any comments or concerns, by Oct 25th. >> > >> > Regards, >> > Rifaat & Hannes >> > _______________________________________________ >> > OAuth mailing list -- [email protected] >> > To unsubscribe send an email to [email protected] >> >> >> >> -- >> Astra mortemque praestare gradatim >> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
