oid4vc-haip-sd-jwt-vc icon indicating copy to clipboard operation
oid4vc-haip-sd-jwt-vc copied to clipboard

Published 20 hours ago verified publisher icon openid

make iat in SD-JWT selectively disclosable during presentation

Open Sakurann opened this issue 2 years ago • 3 comments

from @peppelinux

well, the "human behaviour" may create the practice to get you to update the PID on your birthday, producing a certain information leakage in the meaning of iat. I propose that iat should be in MAY and that there is no problem with making it opaque and SD

Sakurann avatar May 17 '23 15:05 Sakurann

this is obsolete since sd-jwt vc already made iat selectively disclosable. https://drafts.oauth.net/oauth-sd-jwt-vc/draft-ietf-oauth-sd-jwt-vc.html#section-3.2.2.2-4

need to discuss if we want to mandate iat to be selectively disclosable, since sd-jwt vc spec says iat MAY be selectively disclosable

Sakurann avatar Dec 13 '24 14:12 Sakurann

Dumb question, but if the iat leaks, don't then exp or nbf leak as well?

nemqe avatar Dec 19 '24 17:12 nemqe

Not necessarily. It can be chosen independently.

danielfett avatar Jan 02 '25 09:01 danielfett