Document: draft-ietf-oauth-selective-disclosure-jwt
Title: Selective Disclosure for JWTs (SD-JWT)
Reviewer: Tirumaleswar Reddy
Review result: "Ready with issues"

Hi,

I have reviewed this document as part of the Ops area directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the Ops area
directors. Document editors and WG chairs should treat these comments just
like any other last-call comments.

The draft is well-written and addresses an important need for a
privacy-preserving solution. I like the clarity of the document, its
structure and the examples provided. That said, I have a few operational and
deployment-related comments that may help improve the document:

My comments below:

1. It would be helpful to include a discussion of the computational and
network overhead associated with SD-JWT, especially in constrained
environments.
2. In environments with multiple parties involved (e.g., issuer, holder,
verifier), failures may be hard to identify. It would be useful to describe
how error reporting and troubleshooting can be handled in a
privacy-preserving way.
3. Section 10.3 needs to be updated to discuss the need to use a PQ/T or PQ
KEM scheme to prevent "harvest now, decrypt later" attacks for both TLS and
JWE.
4. Since SD-JWT relies on JWS, it would be useful to mention that
traditional JWS signature algorithms (e.g., ECDSA) will be vulnerable to
attacks by CRQCs in the future.
5. Section 9.8 provides good initial guidance on issuer key distribution
and rotation via JWKS, but it does not discuss holder key rotation.
6. It is unclear how the verifier would identify a replay attack where the
JWT has not yet expired.

Cheers,
-Tiru
_______________________________________________
OAuth mailing list -- [email protected]