[apologies for the delayed response, I went on part of family summer vacation right after Philly]
I can't meaningfully speculate on those specific questions, to be honest. My point is more meta, I guess, in saying that mismatched expectations are much less likely when the container/abstraction itself provides a relatively consistent set of security/privacy properties. Because unlinkability seems to be the one thing that something like JWP can provide that plain old JWT cannot, that seems to me like it should be a focus. While including selective disclosure only mechanisms (that can be done via SD-JWT) feels to me like it distracts and detracts from the overall effort and would increase the potential for mismatched expectations down the road.

On Sat, Jul 30, 2022 at 11:02 AM Jeremie Miller <[email protected]> wrote:

> Thanks for clarifying Brian, I still think this is one of the best
> discussion points:
>
>> For that reason and others, I'd suggest that JWP focus only on newer
>> crypto and the things JWS really cannot currently achieve and have JWP in
>> general provide a consistent set of security/privacy properties.
>
> Since this unlinkability property primarily concerns the holder entity, I
> could phrase the question as: does the holder developer expect that when
> generating a JWP presentation it will always have the unlinkable privacy
> guarantee?
>
> Consequently, when they're unable to choose JWP due to the inherent
> underlying algorithm requirements and still require unlinkability, is
> SD-JWT with a batch/refresh single-use mode an adequate fallback?
>
> Jer
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
