Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Credential Request application-layer encryption #339

Open
GarethCOliver opened this issue May 31, 2024 · 5 comments
Open

Support Credential Request application-layer encryption #339

GarethCOliver opened this issue May 31, 2024 · 5 comments
Labels

Comments

@GarethCOliver
Copy link

While not relevant when making a direct request form a Wallet to an Issuer endpoint, when going through Wallet Server between the Wallet and the Issuer, application-layer encryption provides a positive privacy benefit to the user.

In particular, for a credential format like mdoc, if the Wallet Server sees the device keys being sent to the issuer, they are able to collude with RPs to track all presentations of the issued credentials. If the credential request is instead encrypted, (and using single-use MSOs) this sort of tracking would only be possible through issue-RP collusion.

@jogu
Copy link
Contributor

jogu commented Jun 5, 2024

I'm not sure if we explicitly say it, but I think there is a current assumption in the spec that calls to the issuer endpoint are made from the wallet app.

I guess the first thing we need to agree on is why there may be a need for these calls to go through a wallet's backend?

@GarethCOliver
Copy link
Author

Oh, sure. From prior conversation with others on the spec my understanding was that OpenID4VCI was intended to support both going through some wallet sever infrastructure as well as directly connecting to the issuer. Clearly, there are privacy implications to doing so, and that e2ee was the intended mechanism for closing some of these gap (and why it is available for credential response).

At its heart the reason for going through a wallet server infrastructure is reliability and usability at scale. Functionally, it should be assumed that any Wallet application can never be updated, as in practice users update slowly and inconsistently. Similarly any analytics/monitoring is slow and unreliable, making detection of issues challenging.

Wallet server infrastructure does not face these issues, and allows for working around client version skew issues that would simply be infeasible for issuers to deal with.

My assumption here is that the Wallet in question is distributed to millions or billions of devices, and is intending to contact 100s of different issuers. Similarly, Issuers would assume to interact with multiple wallets that they do not own, control or understand.

If you'd like, I can open a different issue to ask if using wallet server infrastructure is a valid way to use OpenId4VCI? For me to want to use this would be a hard requirement.

@jogu
Copy link
Contributor

jogu commented Jun 6, 2024

Thanks Gareth! I think that's probably fair - I'm not sure it's necessarily intended to support this architecture but it's certainly not prevented. We don't have any privacy considerations for that kind of architecture so potentially we might need to add them.

The credential response encryption unfortunately isn't great at the moment as currently the wallet backend could gain access to the encrypted data (unless there's extra checks in the issuer on the key used for encryption), but adding the kind of encryption you suggest in this issue might solve that some of that issue.

@peppelinux
Copy link
Member

Using OpenID4VP we have considered useful the encryption of the presentation response. If we have recognized values in the presentation phase we should recognize the same values in the issuance too.

i don't have aprticular privacy concerns about the request, while I would put our attention about the consistency between the request and the response to preserve confidentiality. if the request is exncrypted, the response should be encrypted too.

with this further awareness and changes I would completely support this

@bc-pi
Copy link
Member

bc-pi commented Oct 28, 2024

As stated on the Mon Oct 28, 2024 OIDF DCP WG Hybrid Meeting at Microsoft, I am opposed to the complexity of more application layer encryption.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants