> (Can the holder choose to selectively not disclose that “cnf” claim? If so, yikes).

No, to prevent this the issuer simply puts these sorts of claims in the header, which is not subject to selective disclosure, e.g. the prover cannot create a valid proof/presentation without disclosing the original un-modified header.

> In current usage, PoP is usually applied and linked to clients (apps) not individual users, so one simple approach would be to take the FIDO/WebAuthn approach and require the client to reuse the same key for at least 10,000 users to prevent linkability. That’s obviously not a universally applicable approach, and I would be in favour of new privacy-preserving PoP schemes.

Yes and to be clear cryptographic schemes like BBS are IMO an example of what you describe as a privacy-preserving PoP scheme, they just also support selective disclosure.

Thanks,
Tobias

On Thu, Jul 28, 2022 at 3:56 AM Neil Madden <[email protected]> wrote:

> On 28 Jul 2022, at 08:30, Torsten Lodderstedt <[email protected]> wrote:
>
> On 28.07.2022 at 08:57, Neil Madden <[email protected]> wrote:
>
> {
>   "iss": "gov.uk",
>   "over_18": true
> }
>
> If this is signed using a deterministic signature algorithm (eg EdDSA) then the token will be identical for everyone that is over 18 and so naturally unlinkable.
>
> Such a credential needs to be bound to the legit holder, which is typically achieved by adding a public key (reference) to it (which is missing in your example). The holder must then create a presentation signed with the corresponding private key to prove possession and with that legitimate holdership. That key results in linkability.
>
> Well, it doesn’t *need* to be bound to such a key. Bearer credentials are still widely used, after all.
>
> But even if it does, the problem then seems to be one of defining unlinkable proof of possession (PoP) schemes, not a JWT alternative.
>
> Indeed, this would seem to be a problem in JWP too - if an issuer adds a PoP constraint via a “cnf” claim (RFC 7800) then that PoP scheme needs to be unlinkable regardless of the use of JWP. (Can the holder choose to selectively not disclose that “cnf” claim? If so, yikes).
>
> In current usage, PoP is usually applied and linked to clients (apps) not individual users, so one simple approach would be to take the FIDO/WebAuthn approach and require the client to reuse the same key for at least 10,000 users to prevent linkability. That’s obviously not a universally applicable approach, and I would be in favour of new privacy-preserving PoP schemes.
>
> — Neil
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
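
The linkability argument in this thread, as an added example that is not part of the original messages: it issues the `over_18` token to several holders as a bearer token, with a per-holder “cnf” key, and with one key shared by all holders, then reports the group sizes a verifier sees when comparing tokens byte for byte. Assumptions: HS256 with a constructed key stands in for EdDSA (both are deterministic), the holder keys are constructed values, and `issue`, `holder_key`, `anonymity_sets` and `scenario` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
from collections import Counter

ISSUER_KEY = b"constructed-demo-issuer-key"  # constructed; stands in for the issuer's signing key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue(claims: dict) -> str:
    """Compact JWS with a deterministic signature (HS256 standing in for EdDSA)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, sort_keys=True, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def holder_key(n: int) -> dict:
    """Constructed stand-in for holder n's public key, in JWK shape."""
    x = b64url(hashlib.sha256(f"holder-{n}".encode()).digest())
    return {"kty": "OKP", "crv": "Ed25519", "x": x}


def anonymity_sets(tokens: list) -> list:
    """Sizes of the groups of byte-identical tokens, largest first."""
    return sorted(Counter(tokens).values(), reverse=True)


def scenario(n_holders: int, key_for) -> list:
    """Issue the thread's over_18 token to n holders; key_for(i) is the cnf key or None."""
    tokens = []
    for i in range(n_holders):
        claims = {"iss": "gov.uk", "over_18": True}
        key = key_for(i)
        if key is not None:
            claims["cnf"] = {"jwk": key}  # RFC 7800 confirmation claim
        tokens.append(issue(claims))
    return anonymity_sets(tokens)


if __name__ == "__main__":
    print("bearer:        ", scenario(5, lambda i: None))
    print("per-holder cnf:", scenario(5, holder_key))
    print("shared cnf key:", scenario(5, lambda i: holder_key(0)))
```

A group of size 1 means the token alone identifies its holder across presentations; the shared-key case shows why key reuse across many users restores the larger group.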
