Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect Info in Security Consideration Section #289

Open
hannestschofenig opened this issue Jul 20, 2024 · 1 comment
Open

Incorrect Info in Security Consideration Section #289

hannestschofenig opened this issue Jul 20, 2024 · 1 comment
Assignees
@SteveLasker @roywill
Labels
ready-for-pr
Milestone
Draft 09 - SECDIR...

Comments

@hannestschofenig
Copy link
Collaborator

For example, Issuers must remove
Personally Identifiable Information (PII) as clear text in the
Statement. Alternatively, Issuers may include opaque cryptographic
Statements, such as hashes.

The identity of the issuer is included in the signed statement. As such, the example is not great.
@roywill roywill self-assigned this Aug 6, 2024
@SteveLasker
Copy link
Collaborator

The doc has transistioned over time to now reflect the definition of the TS is to only store hashes of the signed statements, and the storage of the signed statements, receipts in other ancillary services is outside the drafts scope.
The doc needs a scrub to reflect the separation so sentences like this can have the proper context.

Update PII text to reflect the separation of persistence, and ability to use the cose-hash-envelope

@SteveLasker SteveLasker self-assigned this Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SteveLasker SteveLasker

@roywill roywill

Labels
ready-for-pr
Projects
None yet
Milestone
Draft 09 - SECDIR Review IETF 121
Development

No branches or pull requests
3 participants
@hannestschofenig @SteveLasker @roywill