Hi,

As we've implemented sd-cwt, we've encountered the same challenges regarding redaction and array order that sd-jwt encountered.

## Consider:

my array = [ "hello", 123, true ]

When redacted, this becomes:

my array = [ "hello", REDACTED, true ]

When presented to downstream verification services, should they see:

### Case 1

my array = [ "hello", true ]

### Case 2

my array = [ "hello", null, true ]

## Reasoning

We're currently planning to recommend case 1 as the safe default, because if order conveys meaning, it would be better to just redact the entire array, since redacting individual elements leaks information by relative positioning.

The decision on how to handle this case seems possibly data model specific, so we propose to recommend a safe default (change array size), but describe the replace-with-nulls procedure for implementations that process data models where order must be preserved.

Feedback is welcome.

Regards,

OS
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
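The two presentation options from the message above, as an added example that is not part of the original message or of any sd-cwt implementation. It assumes the SD-JWT-style JSON encoding (a `{"...": digest}` placeholder per redactable element, SHA-256 over a base64url `[salt, value]` disclosure) rather than SD-CWT's CBOR encoding; the function names and the `preserve_order` flag are hypothetical.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest(disclosure: str) -> str:
    # Digest that the issuer embeds in place of the redactable element.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue_array(values, redactable):
    """Issuer side: swap each redactable index for a {"...": digest} placeholder."""
    out, disclosures = [], {}
    for i, v in enumerate(values):
        if i in redactable:
            salt = b64url(secrets.token_bytes(16))  # fresh salt per element
            d = b64url(json.dumps([salt, v]).encode("utf-8"))
            disclosures[i] = d
            out.append({"...": digest(d)})
        else:
            out.append(v)
    return out, disclosures

def process_array(array, presented, preserve_order=False):
    """Verifier side: resolve placeholders against the presented disclosures.

    preserve_order=False -> Case 1: undisclosed elements are dropped.
    preserve_order=True  -> Case 2: undisclosed elements become None (null).
    """
    by_digest = {digest(d): d for d in presented}
    out = []
    for el in array:
        if isinstance(el, dict) and set(el) == {"..."}:
            d = by_digest.get(el["..."])
            if d is not None:
                raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
                _salt, value = json.loads(raw)
                out.append(value)
            elif preserve_order:
                out.append(None)
            # Case 1: emit nothing, so the array shrinks
        else:
            out.append(el)
    return out

if __name__ == "__main__":
    # Constructed sample input matching the array in the message.
    arr, disc = issue_array(["hello", 123, True], {1})
    print(process_array(arr, []))                       # Case 1
    print(process_array(arr, [], preserve_order=True))  # Case 2
```

In this model, Case 2 output cannot distinguish a withheld element from an element whose disclosed value is itself `null`, which a data model that preserves order would need to account for.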
