Am 13.11.24 um 02:04 schrieb Watson Ladd:
I'd appreciate if others would weigh in, particularly if they haven't
followed this debate before.
Happy to - as a co-author of the draft, I think that the current text
addresses this risk sufficiently. Besides that, I'd second what Brian said.
-Daniel
On Tue, Nov 12, 2024, 3:59 PM Brian Campbell
<[email protected]> wrote:
Consistently saying something isn't the same as gathering
consensus about what, if any, changes to make as a result of
saying it. The IETF has a consensus-based process for standards
development and sometimes one individual's viewpoint falls outside
consensus. Repeatedly voicing the viewpoint doesn't change that.
I suggest the WG proceed with submitting the draft to the IESG for
publication while noting in the Shepherd Write-Up that Watson has
repeatedly raised a concern about privacy implications and,
despite changes being made as a result, has raised the comment
again. I believe it's completely reasonable at this point to
declare the comment as "in the rough" with respect to the
consensus of the WG.
On Fri, Oct 25, 2024 at 9:45 AM Watson Ladd
<[email protected]> wrote:
The privacy issues I have consistently raised have not been
addressed
through actionable text.
Implementers are not receiving guidance with the current
version. The
actual risks are buried below a bunch of words talking around the
issue.
I'll be very clear: if a user uses this technology to pass an age
verification filter, they will end up exposing their complete
identity
without knowing it. This is an unacceptable risk, and no one
disagrees
the technology poses it. Implementers will often not have the
skills
or knowledge to identify this concern independently, and need
actionable guidance on how to mitigate it. We provide far more
actionable guidance on storage of credentials.
On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef
<[email protected]> wrote:
>
> All,
>
> This is a short second WG Last Call for the SD-JWT document
after the recent update based on the feedback provided during
the first WGLC
>
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt
>
> Please, review this document and reply on the mailing list
if you have any comments or concerns, by Oct 25th.
>
> Regards,
> Rifaat & Hannes
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
--
Astra mortemque praestare gradatim
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
/CONFIDENTIALITY NOTICE: This email may contain confidential and
privileged material for the sole use of the intended recipient(s).
Any review, use, distribution or disclosure by others is strictly
prohibited. If you have received this communication in error,
please notify the sender immediately by e-mail and delete the
message and any file attachments from your computer. Thank you./
_______________________________________________
OAuth mailing list [email protected]
To unsubscribe send an email [email protected]
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
