oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

state what salt does #417

Closed bc-pi closed 3 months ago

bc-pi commented 3 months ago

question from an email,

... rookie question on your draft for SD-JWT. What is the use case of the salt, and how does it help to hide the claim values?

my response:

I was going to point you to some text in the draft that explains it but unfortunately couldn't find such text. That's maybe something that should be fixed. Sections 10.3 - 10.5 kinda say something about it but the reason is mostly just implied. Basically the salt makes it computationally infeasible to enumerate a potential value space for a claim name/value into the hash function to try and find the matching hash value. Thereby making impossible brute force style attempts to 'reverse' a hash value by hashing all reasonable input values to try and find a match to the hash value. If that makes any sense? To put it another way (which may or may not be helpful), the salt makes it computationally infeasible to guess the preimage of the digest.

The exchange makes me think a brief mention/explanation of what salt does/provides in the SD-JWT context would be a worthwhile addition. Maybe just add or modify a sentence or two in sec 10.3. And/or something in https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-08.html#section-5.2.1-2.1.2.1 where the salt value in the Disclosure is introduced/described.
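The property described in the comment above, as an added example that is not part of the original thread or of the draft's own code: a salted SD-JWT Disclosure digest next to a salt-free variant, for a claim with a small value space. The `unsalted_digest` variant, the `blood_type` claim and its candidate list are constructed for illustration; the Disclosure layout (base64url of a JSON array `[salt, name, value]`, hashed with SHA-256) follows the draft.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_disclosure(name, value, salt=None):
    """Disclosure = base64url(JSON [salt, name, value]); random 128-bit salt by default."""
    if salt is None:
        salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def disclosure_digest(disclosure: str) -> str:
    """Digest placed in the SD-JWT: base64url(SHA-256(ASCII bytes of the Disclosure))."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def unsalted_digest(name, value) -> str:
    """Hypothetical salt-free variant, NOT part of SD-JWT; here for comparison only."""
    return disclosure_digest(b64url(json.dumps([name, value]).encode("utf-8")))

def guess_value(target_digest, name, candidates, digest_for):
    """Hash every plausible value; return the one matching target_digest, else None."""
    for candidate in candidates:
        if digest_for(name, candidate) == target_digest:
            return candidate
    return None

def verifier_check(disclosure, digests_in_jwt):
    """A verifier's check of a Disclosure the holder chose to reveal."""
    if disclosure_digest(disclosure) not in digests_in_jwt:
        raise ValueError("Disclosure does not match any digest in the SD-JWT")
    padded = disclosure + "=" * (-len(disclosure) % 4)
    _salt, name, value = json.loads(base64.urlsafe_b64decode(padded))
    return name, value

def demo():
    # Constructed sample: a claim whose value space has only eight members.
    name, value = "blood_type", "AB-"
    candidates = ["A+", "A-", "B+", "B-", "AB+", "AB-", "O+", "O-"]
    disclosure = make_disclosure(name, value)
    salted = disclosure_digest(disclosure)
    # Without a salt, the digest alone reveals the value after eight hashes.
    from_unsalted = guess_value(unsalted_digest(name, value), name, candidates, unsalted_digest)
    # With a salt, someone holding only the digest cannot reproduce the hash
    # input; guessing with fresh salts never matches.
    from_salted = guess_value(salted, name, candidates,
                              lambda n, v: disclosure_digest(make_disclosure(n, v)))
    # The holder, who has the Disclosure, can still prove the claim.
    return from_unsalted, from_salted, verifier_check(disclosure, {salted})

if __name__ == "__main__":
    print(demo())
```

Because each Disclosure gets its own salt, two claims with the same name and value also produce different digests, so equal values cannot be spotted by comparing digests.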

larryzhu2018 commented 3 months ago

Hi Brian, just checking for understanding: does the issuer send the clear text values of the disclosed claims to the holder and verifier, or does the issuer only send the salted hashes?

       +------------+
       |            |
       |   Issuer   |
       |            |
       +------------+
             |
        Issues SD-JWT
  including all Disclosures
             |
             v
       +------------+
       |            |
       |   Holder   |
       |            |
       +------------+
             |
       Presents SD-JWT
including selected Disclosures
             |
             v
       +-------------+
       |             |+
       |  Verifiers  ||+
       |             |||
       +-------------+||
        +-------------+|
         +-------------+

bc-pi commented 3 months ago

I'm sorry but I don't quite understand the question or how it relates to the small change I'm suggesting in this issue.

selfissued commented 3 months ago

FYI, I was asked what the salt does by an IETF attendee yesterday. I support explaining this in the draft.

bc-pi commented 3 months ago

PR #421 has some proposed text