I've edited the draft minutes (that's ok, right?) to hopefully better reflect the one comment I made during the session. It's the only contribution I 've made here so it feels important to me :) As such, I wanted to share it with the list here.
It now says: "Brian Campbell: Selective disclosure with normal JWT using conventional cryptography is very doable (draft-fett-oauth-selective-disclosure-jwt describes one relatively straightforward approach). I read the JWP drafts and it looked like the multiple JWS values construct supports selective but not unlinkability. Which would mean that different "kinds" of JWPs have different security/privacy properties. This seems similar to one of the current criticisms of JWT/JOSE on type confusion/ambiguity that should be avoided in JWP to the extent possible. For that reason and others, I'd suggest that JWP focus only on newer cypto and the things JWS really cannot currently achieve and have JWP in general provide a consistent set of security/privacy properties." Previously it had: "Brian Campbell: JWT - It’s not very difficult and it’s currently doable to do selective disclosure using conventional cryptography, as described in draft. I read the draft. It looked like it supports selective disclosure more than support for unlinkability. The current criticism of JWT on type confusion/ambiguity in JWT shouldn’t be propogated into JWP." On Wed, Jul 27, 2022 at 6:51 PM Karen O'Donoghue <[email protected]> wrote: > The JWP BoF was held on Monday. Thank you to the proponents who provided > all the presentations and drafts for the BoF. The BoF ran out of time > before reaching any conclusions. In hindsight, we should have scheduled two > hours. At this stage we have been asked to continue discussion of the > questions raised on the jose mailing list and schedule a virtual interim > BoF. This will need to be approved by the IESG, and a key here will be > demonstrating some progress on the questions raised on the mailing list. > > > > The draft minutes are available: > > https://notes.ietf.org/notes-ietf-114-jwp# > > Please review the minutes and provide any updates by next Friday 5 August. > > > > For additional information, the original BoF request is here: > > https://datatracker.ietf.org/doc/bofreq-miller-json-web-proofs/ > > And the drafts and slides from the BoF are linked from the IETF 114 > agenda. > > > > Thanks, > > Karen > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
