On Thu, Aug 24, 2023 at 3:44 AM Daniel Fett <m...@danielfett.de> wrote: > > Thanks, Hannes. > > The fact that technologies like AnonCreds are based on such old principles, > yet they are not uniformly standardized, often times limited to a few > implementations that may or may not be secure, are full of security footguns, > lack hardware support, and are just extremely hard or impossible to deploy > speaks for itself. > > That's why things like SD-JWT exist and gain traction. > > Yes, you have to jump through hoops to get unlinkability, but it is not > impossible, and it seems to be a good tradeoff for many.
Is there a document describing this that we can compare to the BBS version? Because it's a lot harder than you think: you need a blind signature and cut and choose for the credential openings (or rerandomization via structure preserving signatures, hello pairings), you need to deal with exhaustion of the supply of tokens, your issuance process has to be repeatable at low cost, so that's also getting messy, and then the hardware binding has its own special problems. None of that is in this draft, and I think it would be a lot better if we spelled it out here or someplace else to get a better sense of the tradeoffs. I would also like to point out that if end users don't like the privacy aspects, they simply won't use this technology. That's a very serious deployment issue. Sincerely, Watson Ladd -- Astra mortemque praestare gradatim _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
