oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Avoid leaking information with number of digests. #170

Closed cobward closed 1 year ago

cobward commented 1 year ago

In order to prevent the number of digests leaking any information, ISO-18013-5 suggests adding additional digests that do not correlate to any of the hidden elements. The recently suggested format of sd-jwt would mean you would have to add these at every level that hidden elements are defined:

     "family_name": "Möbius",
     "sd|<real-digest>": "",
+    "sd|<fake-digest-1>": "",
+    "sd|<fake-digest-2>": "",
+    "sd|<fake-digest-3>": "",
     "address": {
       "street_address": "Schulstr. 12",
       "locality": "Schulpforta",
       "sd|<real-digest>": "",
+      "sd|<fake-digest-4>": "",
+      "sd|<fake-digest-5>": "",
+      "sd|<fake-digest-6>": ""
     }

This obviously adds a lot of bloat. A better alternative for this would be for all selective-disclosures to be defined in a top-level array.

     "family_name": "Möbius",
     "address": {
       "street_address": "Schulstr. 12",
       "locality": "Schulpforta"
     },
     "sd": [
       "<real-digest-1>",
       "<real-digest-2>",
       "<fake-digest-1>",
       "<fake-digest-2>",
       "<fake-digest-3>"
     ]
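
The padding idea from the comment above, worked through as an added example (not code from the draft or this repository): the issuer fills the proposed top-level `sd` array up to a fixed size with decoy digests so its length does not reveal how many claims were withheld, and the verifier accepts only disclosures that hash to a listed digest. SHA-256, unpadded base64url and the `[salt, name, value]` disclosure layout are assumptions of this example.

```python
import base64
import hashlib
import json
import secrets

# Constructed example, not code from the SD-JWT draft or this repository.
# Assumptions: SHA-256 digests, unpadded base64url, and the issue's proposed
# top-level "sd" array; decoy digests are hashes of fresh random bytes.
def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def make_disclosure(name: str, value) -> str:
    # A disclosure is [salt, claim name, claim value], base64url-encoded.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def issue(claims: dict, hidden: set, total_digests: int):
    """Return (payload, disclosures). 'sd' always holds total_digests
    entries, so its length reveals nothing about how many claims are hidden."""
    if len(hidden) > total_digests:
        raise ValueError("more hidden claims than digest slots")
    payload = {k: v for k, v in claims.items() if k not in hidden}
    disclosures = [make_disclosure(k, claims[k]) for k in sorted(hidden)]
    sd = [digest(d) for d in disclosures]
    while len(sd) < total_digests:          # pad with decoy digests
        sd.append(digest(b64url(secrets.token_bytes(32))))
    secrets.SystemRandom().shuffle(sd)      # position must not mark decoys
    payload["sd"] = sd
    return payload, disclosures

def verify(payload: dict, presented: list) -> dict:
    """Rebuild the disclosed claims. Every presented disclosure must hash to a
    digest in 'sd'; decoys never match anything and are simply ignored."""
    allowed = payload["sd"]
    if len(set(allowed)) != len(allowed):
        raise ValueError("duplicate digest in sd")
    claims = {k: v for k, v in payload.items() if k != "sd"}
    for d in presented:
        if digest(d) not in allowed:
            raise ValueError("disclosure does not match any digest")
        raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
        _salt, name, value = json.loads(raw)
        if name in claims:
            raise ValueError("claim disclosed twice or already in clear")
        claims[name] = value
    return claims
```

Issuing the same credential twice with one and with two hidden claims yields an `sd` array of identical length in both cases, which is the whole point of the decoys.
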

danielfett commented 1 year ago

This has been solved in the recently merged PR #174. We did not, however, pull the sd hashes to the top level, as the structured approach encourages secure implementations (see "Verification by the Verifier" and "Manipulation of Disclosures" sections in the updated document).