Optional receiver_key to enable encryption of SETs

Open FragLegs opened this issue 1 year ago • 0 comments

  • Added optional receiver_key to enable encryption of SETs
  • Added language in Security Considerations section to describe when SETs MUST be encrypted
  • Added language in Security Considerations offering alternative methods of sharing the receiver's public key, including Dynamic Client Registration

During the WG meeting, we discussed using Dynamic Client Registration out-of-band to share the Receiver's public key with the Transmitter. However, that forces the Transmitter to use OAuth2, which we have intentionally tried to avoid in the spec. So instead I provided an optional in-spec method for sharing the Receiver's public key. For those who would prefer to use Dynamic Client Registration, I also added language to the Security Considerations section describing that as a potential option for secret sharing.

Fixes Issue #140

FragLegs, Apr 02 '24 13:04