forked from AltmannPeter/privacy-key-management
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into feat/ecdsa-vul
- Loading branch information
Showing
1 changed file
with
5 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,6 +18,9 @@ author: | |
surname: Dijkhuis | ||
organization: Cleverbase | ||
email: [email protected] | ||
contributor: | ||
- fullname: Micha Kraus | ||
organization: Bundesdruckerei | ||
ipr: trust200902 | ||
normative: | ||
I-D.draft-bradleylundberg-cfrg-arkg-02: | ||
|
@@ -40,6 +43,7 @@ normative: | |
date: 2019-09 | ||
RFC7800: | ||
RFC8017: | ||
RFC8235: | ||
RFC9380: | ||
SEC2: | ||
title: "SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0" | ||
|
@@ -550,7 +554,7 @@ Some issuers could require evidence from a solution provider of the security of | |
|
||
The Wallet Trust Evidence public key is the root HDK public key. To achieve reader unlinkability, the wallet SHOULD limit access to a trusted person identification document provider only. | ||
|
||
To prevent association across identities, the solution provider MUST before issuing Wallet Trust Evidence ensure that the root HDK public key is associated with a newly generated device key pair. For example, the solution provider could rely on freshness of a key attestation and ensure that each device public key is attested only once. | ||
To prevent association across identities, the solution provider MUST before issuing Wallet Trust Evidence ensure that (a) a newly generated device key pair is used and (b) the wallet follows the protocol so that the HDK-Root output is bound to exactly this key. For (a), the solution provider could rely on freshness of a key attestation and ensure that each device public key is attested only once. For (b), the wallet could proof knowledge of `sk'` with a Schnorr non-interactive zero-knowledge proof [RFC8235] with base point `pk_device`. This would ensure,that the root blinding key `sk'` is not shared with the solution provider to reduce the risk of the solution provider unblinding future derived keys. | ||
|
||
### Issuer Trust Evidence | ||
|
||
|