[spec] add statement about responses with PII MUST be encrypted #124

timcappalli · 2024-06-11T21:02:32Z

Add something along the lines of:

implementations which pass PII in the response MUST encrypt that information to the verifier in some fashion"

marcoscaceres · 2024-06-12T05:00:12Z

Can we put that if some input is present the output must be encrypted? Then we can force that algorithmically (and maybe test for it).

Sakurann · 2024-08-01T01:38:33Z

I don't disagree with a sentiment in a proposed statement, but is a MUST in it really enforceable at the browser API level (somewhat elaborating on #109 (comment))? In reality, wouldn't it be up to a wallet to decide if the encryption is required and reject the request without a public key for encryption, when the wallet requires encryption?

timcappalli added the spec label Jun 11, 2024

timcappalli self-assigned this Jun 11, 2024

martijnharing mentioned this issue Jun 12, 2024

Should response encryption be required #109

Open

timcappalli added the cgr1-blocker Community Group Report 1 Blocker label Sep 18, 2024

timcappalli added this to the Community Group Report 1 milestone Sep 19, 2024

timcappalli removed the cgr1-blocker Community Group Report 1 Blocker label Sep 23, 2024

timcappalli removed this from the Community Group Report 1 milestone Oct 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[spec] add statement about responses with PII MUST be encrypted #124

[spec] add statement about responses with PII MUST be encrypted #124

timcappalli commented Jun 11, 2024

marcoscaceres commented Jun 12, 2024 •

edited

Loading

Sakurann commented Aug 1, 2024

[spec] add statement about responses with PII MUST be encrypted #124

[spec] add statement about responses with PII MUST be encrypted #124

Comments

timcappalli commented Jun 11, 2024

marcoscaceres commented Jun 12, 2024 • edited Loading

Sakurann commented Aug 1, 2024

marcoscaceres commented Jun 12, 2024 •

edited

Loading