Thanks for the review, Tiru!

On Wed, May 21, 2025 at 2:25 AM tirumal reddy <[email protected]> wrote:

> Document: draft-ietf-oauth-selective-disclosure-jwt
> Title: Selective Disclosure for JWTs (SD-JWT)
> Reviewer: Tirumaleswar Reddy
> Review result: "Ready with issues"
>
> Hi,
>
> I have reviewed this document as part of the Ops area directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the Ops area
> directors. Document editors and WG chairs should treat these comments just
> like any other last-call comments.
>
> The draft is well-written and addresses an important need for a
> privacy-preserving solution. I like the clarity of the document, its
> structure and examples provided.
>

Thanks!


> That said, I have a few operational and deployment-related comments that
> may help improve the document:
>
> My comments below:
>
> 1. It would be helpful to include discussion on the computational and
> network overhead associated with SD-JWT, especially in constrained
> environments.
>

It is not at all clear to me what could be included that would be
meaningful or useful.



> 2. In environments with multiple parties involved (e.g., issuer, holder,
> verifier), failures may be hard to identify. It would be useful to describe
> how error reporting and troubleshooting can be handled in a
> privacy-preserving way.
>

This seems well beyond the scope of the document.



> 3. Section 10.3 needs to be updated to discuss the need to use a PQ/T or
> PQ KEM scheme to prevent "harvest now decrypt later attack" for both TLS
> and JWE.
>

Such discussion does not seem appropriate for the scope of the document.



> 4. Since SD-JWT relies on JWS, it would be useful to mention that
> traditional JWS signature algorithms (e.g., ECDSA) will be vulnerable to
> CRQCs attack in the future.
>

This also does not seem appropriate for the scope of the document.



> 5. Section 9.8 provides good initial guidance on issuer key distribution
> and rotation via JWKS but it does not discuss holder key rotation.
>

The holder's key is bound into the SD-JWT via the cnf claim so neither
distribution nor rotation is relevant with respect to the holder and the
format described by the document.



> 6. It is unclear how the verifier would identify a replay attack where the
> JWT has not yet expired.
>

I don't follow this. But from what I think I might understand, it's not
relevant to the document.



>
> Cheers,
> -Tiru
>
>
