Agree that it should be clarified. Being precise with language around this stuff is tricky. But my understanding of the intent was to ensure that no digest value is repeated in the whole of the SD-JWT - either in the payload directly or recursively in any Disclosure. Because of the trickiness of language, I'm not sure if we disagree or not about the intent...
On Fri, Oct 20, 2023 at 8:09 AM Daniel Fett <fett= 40danielfett...@dmarc.ietf.org> wrote: > Hi Jacob, > > the intention was to cover the first case you listed. We should clarify > this. > > -Daniel > Am 20.10.23 um 15:02 schrieb Jacob Ward: > > Hello again, > > On a similar note to my previous email, could I get some clarity on a step > in the SD-JWT verification process? > > > > *4. If any digests were found more than once in the previous step, the > SD-JWT MUST be rejected. * > Step 4 in Section 6.1 (as shown above) could have multiple meanings in my > opinion: > - The digest was found multiple times (for example in an "_sd" array and > as an array element). > - More than one Disclosure have the same digest. > > On first reading of this I assumed that this step only covered the first > of those two cases, but it has been pointed out to me by a colleague that > it could cover both. If it is the case that both cases are covered by this > step, then I think it would be helpful to clarify this in the text. > > Cheers, > > Jacob > > _______________________________________________ > OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth > > -- > Please use my new email address: m...@danielfett.de > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
