Script updating gh-pages from 4c6b98c. [ci skip]

oauth-wg · Jan 16, 2025 · 5364616 · 5364616
1 parent bcd8484
commit 5364616
Show file tree

Hide file tree

Showing 2 changed files with 173 additions and 110 deletions.
diff --git a/draft-ietf-oauth-selective-disclosure-jwt.html b/draft-ietf-oauth-selective-disclosure-jwt.html
@@ -2418,8 +2418,8 @@ <h3 id="name-issuance">
 InNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0y
 NTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VH
 ZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlG
-MkhaUSJ9fX0.FtnB1w2QfxxqMmNIf4r6P63QVHiEyJEu-ic76eyAU36QBRm6c7KeWwe_
-7HjyUYz_q4TcjuHdnXYZcgge_kLLAQ
+MkhaUSJ9fX0.mdnOb9rN4FDxkuDjHqYkW4vgUE4q3SCj_e-qBZ6XdqnLDZJiz4xT-7l8
+XbbnVTKd5VzWmCpijKExF36lugisTw
 
 </pre><a href="#section-5.1-29" class="pilcrow">¶</a>
 </div>
@@ -2441,8 +2441,8 @@ <h3 id="name-issuance">
 InNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0y
 NTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VH
 ZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlG
-MkhaUSJ9fX0.FtnB1w2QfxxqMmNIf4r6P63QVHiEyJEu-ic76eyAU36QBRm6c7KeWwe_
-7HjyUYz_q4TcjuHdnXYZcgge_kLLAQ~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgI
+MkhaUSJ9fX0.mdnOb9rN4FDxkuDjHqYkW4vgUE4q3SCj_e-qBZ6XdqnLDZJiz4xT-7l8
+XbbnVTKd5VzWmCpijKExF36lugisTw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgI
 mdpdmVuX25hbWUiLCAiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZh
 bWlseV9uYW1lIiwgIkRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWl
 sIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhR
@@ -2486,18 +2486,18 @@ <h3 id="name-presentation">
 InNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0y
 NTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VH
 ZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlG
-MkhaUSJ9fX0.FtnB1w2QfxxqMmNIf4r6P63QVHiEyJEu-ic76eyAU36QBRm6c7KeWwe_
-7HjyUYz_q4TcjuHdnXYZcgge_kLLAQ~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgI
+MkhaUSJ9fX0.mdnOb9rN4FDxkuDjHqYkW4vgUE4q3SCj_e-qBZ6XdqnLDZJiz4xT-7l8
+XbbnVTKd5VzWmCpijKExF36lugisTw~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgI
 mZhbWlseV9uYW1lIiwgIkRvZSJd~WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImFk
 ZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5
 IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMi
 fV0~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd
 ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgIlVTIl0~eyJhbGciOiAiRVMyNTYiLCA
 idHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodH
-RwczovL3ZlcmlmaWVyLmV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA1NzYsICJzZF
-9oYXNoIjogImZ0N3pBODN4bTN2TGktTndOQlZxdWFBdGlSdzRET0E4RWFkNGNEVG1Van
-MifQ.6EfnmtFdvNtRxn46CPa_DB0LJ6yao1zJqsGu5KFPMZ5plApenPOMvBYQYkRVaQM
-7hk6__crY5skXAmSl2loaLg
+RwczovL3ZlcmlmaWVyLmV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA5OTMsICJzZF
+9oYXNoIjogIm90RWRJdkpiZ1Bld1ZqRENTN0FRV2RNazcxd1hmRGRSR0JXTEN0WjU4UT
+AifQ.ATWkrEjGpYTmwz26W6B8yIFVlreg7Sn-yKol4ZlkbsDhEuLjHpbdye6RWb9Wm6I
+AwDa8QDxVC_aDv_HXQJVo2g
 
 </pre><a href="#section-5.2-2" class="pilcrow">¶</a>
 </div>
@@ -2506,8 +2506,8 @@ <h3 id="name-presentation">
 <pre>{
   "nonce": "1234567890",
   "aud": "https://verifier.example.org",
-  "iat": 1737050576,
-  "sd_hash": "ft7zA83xm3vLi-NwNBVquaAtiRw4DOA8Ead4cDTmUjs"
+  "iat": 1737050993,
+  "sd_hash": "otEdIvJbgPewVjDCS7AQWdMk71wXfDdRGBWLCtZ58Q0"
 }
 
 </pre><a href="#section-5.2-4" class="pilcrow">¶</a>
@@ -3087,8 +3087,8 @@ <h3 id="name-flattened-json-serializatio">
     Z1ZWNDRTZ0NGpUOUYySFpRIn19fQ",
   "protected":
     "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
-  "signature": "gcQiD3RN1lD6vH1WRpISyWu7goNaQ0eTyTMXCEs5ekmcl5189wDh
-    qHpkuqjseIzX6W0KPVQ9X3jQeVRlGKSncg"
+  "signature": "F8u5z1GHtskwTe9wJJT66GzY4zqfBJ-lfwGRTf_BkUH5_e3jssCS
+    4k-zENICQLd2nVQdD6Yvg9oP8HYnk2e6iA"
 }
 
 </pre><a href="#section-8.2-3" class="pilcrow">¶</a>
@@ -3105,10 +3105,10 @@ <h3 id="name-flattened-json-serializatio">
     ],
     "kb_jwt": "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25j
       ZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL3ZlcmlmaWVyLmV4YW
-      1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA1NzYsICJzZF9oYXNoIjogIlh4bGNI
-      MWY2TEFRcXR3T09iWGtSQktwV19wQXN6R0FyLXBRakNQMVFOU0EifQ.71WJJv8
-      FIIy0WEqYjDx9XEevnyqoq4FMRP5vFBR5Oi7ZgbcGkHR5tU-7C1tTlzQYMThni
-      63rfWoLeyQqJpUv1w"
+      1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA5OTMsICJzZF9oYXNoIjogIldkUE5N
+      WnB0TDJTaTRXWFp3aG15QnpmS0lVWENJdTVlazVtNE04N0dPS28ifQ.aVLgFy4
+      tungfQCb5nKxYeKwdLBPS0WY8sjLk6P-gaODhYbGLMIGZRIaD20FAT7AboDBVH
+      KIYltYLKFjsrCjCNg"
   },
   "payload": "eyJfc2QiOiBbIjRIQm42YUlZM1d0dUdHV1R4LXFVajZjZGs2V0JwWn
     lnbHRkRmF2UGE3TFkiLCAiOHNtMVFDZjAyMXBObkhBQ0k1c1A0bTRLWmd5Tk9PQV
@@ -3122,8 +3122,8 @@ <h3 id="name-flattened-json-serializatio">
     Z1ZWNDRTZ0NGpUOUYySFpRIn19fQ",
   "protected":
     "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
-  "signature": "gcQiD3RN1lD6vH1WRpISyWu7goNaQ0eTyTMXCEs5ekmcl5189wDh
-    qHpkuqjseIzX6W0KPVQ9X3jQeVRlGKSncg"
+  "signature": "F8u5z1GHtskwTe9wJJT66GzY4zqfBJ-lfwGRTf_BkUH5_e3jssCS
+    4k-zENICQLd2nVQdD6Yvg9oP8HYnk2e6iA"
 }
 
 </pre><a href="#section-8.2-5" class="pilcrow">¶</a>
@@ -3166,24 +3166,24 @@ <h3 id="name-general-json-serialization">
         "kid": "issuer-key-1",
         "kb_jwt": "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJu
           b25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL3ZlcmlmaW
-          VyLmV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA1NzYsICJzZF9oYXNo
-          IjogIlZMeXlWbVdGWnlPM2pYQS1lUi1SaGtKQlMxXzVfcFJDWHhzbllESX
-          hfTkEifQ.kRg_V71eargeyFOVPcrsJVHpGR2GSL99A7U8zsbl0g0-3FA1z
-          M8tJZTZ00JsnUYH_cxgc1QHHkxH2wlMpDFvvA"
+          VyLmV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA5OTMsICJzZF9oYXNo
+          IjogImtxd1VQU1JKOGh1SHBrc0tEMEFtTW1tak9UcDZtc18tYUxFSGRhc1
+          BKUUkifQ.Eg5nWqKOcOjgDxQ0PrlK7xPQpX3RRaq8DpJW75qMswVuM35N3
+          CvZuVyBwf7bSPdqk-BX_Pi32ZeuiIz_YlUd_g"
       },
       "protected":
         "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
-      "signature": "dD8YFIjO_dDgql7zEj8rWVUdGb_ViQHMwyBzKKtKtI-8buHd
-        jZUjVzxb7LAguuUIIum5AAaZ0Jkb1YHc-N7jPA"
+      "signature": "390lSVJ5nLUxSeaA1ZxxQwc3u6pV4QAZk07Rg_0D98BKH-uM
+        IUfnKaYSqwX-nVFWd1RjHq045pUFPiKIAbxoAQ"
     },
     {
       "header": {
         "kid": "issuer-key-2"
       },
       "protected":
         "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0",
-      "signature": "KOSLhrKejZcZwz9-Tw0P3WifDAwMU1VaA3VDbNglT5JtneIW
-        TTWri3ZArd6p85Letye_QJ0vSKvYwObfhqBViw"
+      "signature": "Vy_FEIeiZL-sVijv5y1EqUC1GsQO9okxjPxaMdgNmeiDtbGo
+        6OIl9qewfgktp2nN5Z1l0i0Lun-0rDGELdqJAg"
     }
   ]
 }
@@ -3580,6 +3580,17 @@ <h3 id="name-unlinkability">
 time period considered appropriate (e.g., randomize <code>iat</code> within the last 24
 hours and calculate <code>exp</code> accordingly) or rounded (e.g., rounded down to the
 beginning of the day).<a href="#section-10.1-9" class="pilcrow">¶</a></p>
+<p id="section-10.1-10">SD-JWT only conceals the value of claims that are not revealed.
+It does not meet security notations for anonymous credentials <span>[<a href="#CL01" class="cite xref">CL01</a>]</span>. In
+particular, colluding Verifiers and Issuers can know when they have seen the same
+credential no matter what fields have been disclosed, even when none have been disclosed.
+This behavior may not align with what users naturally anticipate or are guided to
+expect from user interface interactions, potentially causing them to make decisions
+they might not otherwise make. Workarounds such as batch issuance, as
+described above, help with keeping
+Verifiers from linking different presentations, but cannot work for Issuer/Verifier unlinkability.
+This issue applies to all salted hash-based approaches,
+including mDL/mDoc <span>[<a href="#ISO.18013-5" class="cite xref">ISO.18013-5</a>]</span> and SD-CWT <span>[<a href="#I-D.ietf-spice-sd-cwt" class="cite xref">I-D.ietf-spice-sd-cwt</a>]</span>.<a href="#section-10.1-10" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="data_storage">
@@ -3709,7 +3720,8 @@ <h2 id="name-acknowledgements">
 Tobias Looker,
 Takahiko Kawasaki,
 Torsten Lodderstedt,
-Vittorio Bertocci, and
+Vittorio Bertocci,
+Watson Ladd, and
 Yaron Sheffer
 for their contributions (some of which substantial) to this draft and to the initial set of implementations.<a href="#section-11-1" class="pilcrow">¶</a></p>
 <p id="section-11-2">Special appreciation is extended to Martin Thomson, who wielded his considerable intellect and influence to change a single occurrence of the word "to" to "with" in the midst of a significant proposal that would be integrated into this document six months later.<a href="#section-11-2" class="pilcrow">¶</a></p>
@@ -4004,6 +4016,10 @@ <h3 id="name-informative-references">
 <a href="#section-13.2" class="section-number selfRef">13.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
         </h3>
 <dl class="references">
+<dt id="CL01">[CL01]</dt>
+        <dd>
+<span class="refAuthor">Camenisch, J.</span> and <span class="refAuthor">A. Lysyanskaya</span>, <span class="refTitle">"An Efficient System for Non-Transferable Anonymous Credentials with Optional Anonymity Revocation"</span>, <span class="seriesInfo">Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT) 2001</span>, <time datetime="2001" class="refDate">2001</time>, <span>&lt;<a href="https://eprint.iacr.org/2001/019.pdf">https://eprint.iacr.org/2001/019.pdf</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 <dt id="EUDIW.ARF">[EUDIW.ARF]</dt>
         <dd>
 <span class="refAuthor">Commission, E.</span>, <span class="refTitle">"The European Digital Identity Wallet Architecture and Reference Framework"</span>, <span>&lt;<a href="https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework">https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework</a>&gt;</span>. </dd>
@@ -4012,6 +4028,10 @@ <h3 id="name-informative-references">
         <dd>
 <span class="refAuthor">Terbu, O.</span>, <span class="refAuthor">Fett, D.</span>, and <span class="refAuthor">B. Campbell</span>, <span class="refTitle">"SD-JWT-based Verifiable Credentials (SD-JWT VC)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-oauth-sd-jwt-vc-08</span>, <time datetime="2024-12-03" class="refDate">3 December 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-08">https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-08</a>&gt;</span>. </dd>
 <dd class="break"></dd>
+<dt id="I-D.ietf-spice-sd-cwt">[I-D.ietf-spice-sd-cwt]</dt>
+        <dd>
+<span class="refAuthor">Prorock, M.</span>, <span class="refAuthor">Steele, O.</span>, <span class="refAuthor">Birkholz, H.</span>, and <span class="refAuthor">R. Mahy</span>, <span class="refTitle">"SPICE SD-CWT"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-spice-sd-cwt-02</span>, <time datetime="2024-12-04" class="refDate">4 December 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-spice-sd-cwt-02">https://datatracker.ietf.org/doc/html/draft-ietf-spice-sd-cwt-02</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 <dt id="IANA.Hash.Algorithms">[IANA.Hash.Algorithms]</dt>
         <dd>
 <span class="refAuthor">IANA</span>, <span class="refTitle">"Named Information Hash Algorithm"</span>, <span>&lt;<a href="https://www.iana.org/assignments/named-information/named-information.xhtml">https://www.iana.org/assignments/named-information/named-information.xhtml</a>&gt;</span>. </dd>
@@ -4032,6 +4052,10 @@ <h3 id="name-informative-references">
         <dd>
 <span class="refAuthor">IANA</span>, <span class="refTitle">"Structured Syntax Suffixs"</span>, <span>&lt;<a href="https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml">https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml</a>&gt;</span>. </dd>
 <dd class="break"></dd>
+<dt id="ISO.18013-5">[ISO.18013-5]</dt>
+        <dd>
+<span class="refAuthor">ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification</span>, <span class="refTitle">"ISO/IEC 18013-5:2021 Personal identification — ISO-compliant driving license — Part 5: Mobile driving license (mDL) application"</span>, <time datetime="2021" class="refDate">2021</time>, <span>&lt;<a href="https://www.iso.org/standard/69084.html">https://www.iso.org/standard/69084.html</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 <dt id="ISO.29100">[ISO.29100]</dt>
         <dd>
 <span class="refAuthor">ISO</span>, <span class="refTitle">"ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework"</span>, <span>&lt;<a href="https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html">https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html</a>&gt;</span>. </dd>
@@ -4319,8 +4343,8 @@ <h3 id="name-simple-structured-sd-jwt">
 U1U3ZlNXZ3dGNVVEWm1Xd0JUdzMyZ25VbGRJaGk4aEdWQ2FWNCIsICJydkpkNmlxNlQ1
 ZWptc0JNb0d3dU5YaDlxQUFGQVRBY2k0MG9pZEVlVnNBIiwgInVOSG9XWWhYc1poVkpD
 TkUyRHF5LXpxdDd0NjlnSkt5NVFhRnY3R3JNWDQiXX0sICJfc2RfYWxnIjogInNoYS0y
-NTYifQ.hPM-X2gUNsbiCr8QzPc58YYDAJMJAxnOa46DHu9gkTGpAqLzFvIlrstBvFWWy
-R5-jntuOrnjuSjRl4bk_DcY-A~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgInJlZ2
+NTYifQ.HPa4_KJnTrXkot5fOMhteFsOcD5iG9X8hRZ3-gDKppAcsKFi0ZCGcQcEB0IcZ
+D0ZnmBQQJ1GrPjYct9F4-rS8Q~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgInJlZ2
 lvbiIsICJcdTZlMmZcdTUzM2EiXQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImN
 vdW50cnkiLCAiSlAiXQ~
 
@@ -4671,8 +4695,8 @@ <h3 id="name-complex-structured-sd-jwt">
 TWsiLCAiV3hoX3NWM2lSSDliZ3JUQkppLWFZSE5DTHQtdmpoWDFzZC1pZ09mXzlsayIs
 ICJfTy13SmlIM2VuU0I0Uk9IbnRUb1FUOEptTHR6LW1oTzJmMWM4OVhvZXJRIiwgImh2
 RFhod21HY0pRc0JDQTJPdGp1TEFjd0FNcERzYVUwbmtvdmNLT3FXTkUiXX19LCAiX3Nk
-X2FsZyI6ICJzaGEtMjU2In0.k0s_rj3JkmqGAsElL8eDkGvXM6jJJtaOhxK2oDvS86_m
-bVIfDFMc9kvklBDg1qGHvc063OmlgzYV_YyhyhuEfg~WyIyR0xDNDJzS1F2ZUNmR2Zye
+X2FsZyI6ICJzaGEtMjU2In0.QFlUT-yh08qoL3KnSMI4ToPnlJ1Ze4x7KkG3ZCWP9Oqf
+8sWxRY35O9LCTXxgNdkmfHdE3nbWbQxJnaEvfK5XyQ~WyIyR0xDNDJzS1F2ZUNmR2Zye
 U5STjl3IiwgInRpbWUiLCAiMjAxMi0wNC0yM1QxODoyNVoiXQ~WyJQYzMzSk0yTGNoY1
 VfbEhnZ3ZfdWZRIiwgeyJfc2QiOiBbIjl3cGpWUFd1RDdQSzBuc1FETDhCMDZsbWRnVj
 NMVnliaEh5ZFFwVE55TEkiLCAiRzVFbmhPQU9vVTlYXzZRTU52ekZYanBFQV9SYy1BRX
@@ -4792,8 +4816,8 @@ <h3 id="name-sd-jwt-based-verifiable-cre">
 6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
 tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
 lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-5RjJIWlEifX19.CPqlvKz80mE0CtwKlkqXvaq6krVLGc83yWdCBzSWPQ3j-SKtcwThrD
-HoPOVhMTG5oxs0aw7H8lbmwSjRLkzyjA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
+5RjJIWlEifX19.GFxZpRkhc-VZwapBpkc7ZJOW2-p391NHpQHRzUlOirdW74JRprAhzH
+t5s1a9F5N2w2GhmQHkLj_CTZZwFEnnLA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
 gImdpdmVuX25hbWUiLCAiRXJpa2EiXQ~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwg
 ImZhbWlseV9uYW1lIiwgIk11c3Rlcm1hbm4iXQ~WyI2SWo3dE0tYTVpVlBHYm9TNXRtd
 lZBIiwgImJpcnRoZGF0ZSIsICIxOTYzLTA4LTEyIl0~WyJlSThaV205UW5LUHBOUGVOZ
@@ -5148,14 +5172,14 @@ <h3 id="name-sd-jwt-based-verifiable-cre">
 6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
 tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
 lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-5RjJIWlEifX19.CPqlvKz80mE0CtwKlkqXvaq6krVLGc83yWdCBzSWPQ3j-SKtcwThrD
-HoPOVhMTG5oxs0aw7H8lbmwSjRLkzyjA~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
+5RjJIWlEifX19.GFxZpRkhc-VZwapBpkc7ZJOW2-p391NHpQHRzUlOirdW74JRprAhzH
+t5s1a9F5N2w2GhmQHkLj_CTZZwFEnnLA~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
 gIm5hdGlvbmFsaXRpZXMiLCBbIkRFIl1d~WyJNMEpiNTd0NDF1YnJrU3V5ckRUM3hBIi
 wgIjE4IiwgdHJ1ZV0~eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub
 25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL3ZlcmlmaWVyLmV4YW1wb
-GUub3JnIiwgImlhdCI6IDE3MzcwNTA1NzYsICJzZF9oYXNoIjogIlVpNmlUcElpVmozV
-WpLM3VrRkZ2MWFVSU5sN0wzSUxFSE92anZFQXZmTWcifQ.C4VWCy3LU2gV37lhdrid_b
-2rse7qsRrhHgiQ3azjLHqBk0aO2prO-IYvcG1xVW6xACptSCJf80Wzdng0GEqYVw
+GUub3JnIiwgImlhdCI6IDE3MzcwNTA5OTMsICJzZF9oYXNoIjogIkozVEtSRDJKRXZrR
+mh0VkRZQ1U3Qk9MV1QzTTJvU2syNS1jSUlFdVpzWDQifQ.My_pIRhB5hxub2bQoadNxc
+qZlAQemFjDepvYsEKweHTSQw629s4nasLrO5VzWNN0DbB8UntsocJccWDr--FQ6g
 
 </pre><a href="#appendix-A.3-53" class="pilcrow">¶</a>
 </div>
@@ -5164,8 +5188,8 @@ <h3 id="name-sd-jwt-based-verifiable-cre">
 <pre>{
   "nonce": "1234567890",
   "aud": "https://verifier.example.org",
-  "iat": 1737050576,
-  "sd_hash": "Ui6iTpIiVj3UjK3ukFFv1aUINl7L3ILEHOvjvEAvfMg"
+  "iat": 1737050993,
+  "sd_hash": "J3TKRD2JEvkFhtVDYCU7BOLWT3M2oSk25-cIIEuZsX4"
 }
 
 </pre><a href="#appendix-A.3-55" class="pilcrow">¶</a>
@@ -5278,8 +5302,8 @@ <h3 id="name-w3c-verifiable-credentials-">
 c2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJj
 cnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxp
 bERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVj
-Q0U2dDRqVDlGMkhaUSJ9fX0.9EWrRpmv1GV8Os1M3YPZVyU5r1giZM9NMcSoW1mODv_W
-nZ40M2QLJ_w5TIQ59JHDNyjB2jucYuiIuUCkkmA5Yw~WyIyR0xDNDJzS1F2ZUNmR2Zye
+Q0U2dDRqVDlGMkhaUSJ9fX0._QQdUvJ9N45hfWu1pnsS_BaRzLREqy4LrRr4LNts7P2m
+TR_29YjniTZ_IrU7vaUM_IYzf5-JjZrhNJ7eCJnYNQ~WyIyR0xDNDJzS1F2ZUNmR2Zye
 U5STjl3IiwgImF0Y0NvZGUiLCAiSjA3QlgwMyJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4
 QV9BIiwgIm1lZGljaW5hbFByb2R1Y3ROYW1lIiwgIkNPVklELTE5IFZhY2NpbmUgTW9k
 ZXJuYSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgIm1hcmtldGluZ0F1dGhvcml
@@ -5561,18 +5585,18 @@ <h3 id="name-w3c-verifiable-credentials-">
 c2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJj
 cnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxp
 bERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVj
-Q0U2dDRqVDlGMkhaUSJ9fX0.9EWrRpmv1GV8Os1M3YPZVyU5r1giZM9NMcSoW1mODv_W
-nZ40M2QLJ_w5TIQ59JHDNyjB2jucYuiIuUCkkmA5Yw~WyJQYzMzSk0yTGNoY1VfbEhnZ
+Q0U2dDRqVDlGMkhaUSJ9fX0._QQdUvJ9N45hfWu1pnsS_BaRzLREqy4LrRr4LNts7P2m
+TR_29YjniTZ_IrU7vaUM_IYzf5-JjZrhNJ7eCJnYNQ~WyJQYzMzSk0yTGNoY1VfbEhnZ
 3ZfdWZRIiwgIm9yZGVyIiwgIjMvMyJd~WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwg
 ImRhdGVPZlZhY2NpbmF0aW9uIiwgIjIwMjEtMDYtMjNUMTM6NDA6MTJaIl0~WyIyR0xD
 NDJzS1F2ZUNmR2ZyeU5STjl3IiwgImF0Y0NvZGUiLCAiSjA3QlgwMyJd~WyJlbHVWNU9
 nM2dTTklJOEVZbnN4QV9BIiwgIm1lZGljaW5hbFByb2R1Y3ROYW1lIiwgIkNPVklELTE
 5IFZhY2NpbmUgTW9kZXJuYSJd~eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dC
 J9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL3ZlcmlmaWVyL
-mV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA1NzYsICJzZF9oYXNoIjogIk9GMGE2O
-HZKblZYNUhoMHFCQVZiY0JSU0pBSERIZ1N6WUhKVl9FRjBsVUUifQ.VGvQMU7j-R0-Fe
-CTfeLThHY2qawn-GgbFD_QiG-Dw0bchE--4losZUebZU9STT9CvpfEBi96mhwljq5jQB
-mjUA
+mV4YW1wbGUub3JnIiwgImlhdCI6IDE3MzcwNTA5OTMsICJzZF9oYXNoIjogIjdQSTQza
+25WanE4dnhlOHcyTm1USUJiY2FmM2lKRlZtVmc1Y0t5cUpIZE0ifQ.hMV8uB0PePQ-QK
+m8rkd1vi2VtUPmAZrGJGPBT4ZCZgH9QeTujikXAKQrRiZsjurCNkFE9lP6-ZmNiJeyLJ
+taHg
 
 </pre><a href="#appendix-A.4-39" class="pilcrow">¶</a>
 </div>
@@ -5748,12 +5772,14 @@ <h2 id="name-document-history">
       </h2>
 <p id="appendix-C-1">[[ To be removed from the final specification ]]<a href="#appendix-C-1" class="pilcrow">¶</a></p>
 <p id="appendix-C-2">-15<a href="#appendix-C-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="appendix-C-3">
-<pre>* Address AD review comments resulting from evaluation of formal appeal
-* Clarify language around compromised/coerced verifiers
-
-</pre><a href="#appendix-C-3" class="pilcrow">¶</a>
-</div>
+<ul class="compact">
+<li class="compact" id="appendix-C-3.1">Additions and adjustments to privacy considerations<a href="#appendix-C-3.1" class="pilcrow">¶</a>
+</li>
+        <li class="compact" id="appendix-C-3.2">Address AD review comments resulting from evaluation of formal appeal<a href="#appendix-C-3.2" class="pilcrow">¶</a>
+</li>
+        <li class="compact" id="appendix-C-3.3">Clarify language around compromised/coerced verifiers<a href="#appendix-C-3.3" class="pilcrow">¶</a>
+</li>
+      </ul>
 <p id="appendix-C-4">-14<a href="#appendix-C-4" class="pilcrow">¶</a></p>
 <ul class="compact">
 <li class="compact" id="appendix-C-5.1">Address WGLC (part 2) comments<a href="#appendix-C-5.1" class="pilcrow">¶</a>