Add privacy consideration

Comments (7)

1. 

   Nat Sakimura reporter

   • changed component to FAPI2: Message Signing

   • 2022-12-14T15:35:11+00:00
2. 

   Nat Sakimura reporter

   • assigned issue to
     
     Nat Sakimura

   • 2023-01-11T14:44:10+00:00
3. 

   Nat Sakimura reporter

   • changed status to open

   • 2023-01-11T14:44:16+00:00
4. 

   Dave Tonge

   https://bitbucket.org/openid/fapi/pull-requests/406

   • 2023-02-01T14:19:22+00:00
5. 

   Nat Sakimura reporter

   • Evaluate if the message needs to be stored. When using Message Signing, it is likely that the entire message is going to be stored as otherwise, the signature will break, unlike in the case of unsigned messages. This will create an additional privacy risk.
   • Therefore, if storing the message, then implementations should take a more rigorous analysis of the data minimization: e.g., who is allowed to access it, how it should be redacted before being presented to the person or systems, etc.
   • A party with multiple pseudonyms may use the same key to sign, which may cause associability..?
   • Key sharing among the apps from a same publisher sharing keychain so sharing a private key could cause an unexpected correlation for a user.

   ‌

   • 2023-02-01T14:42:54+00:00
6. 

   Dave Tonge

   Nat - is it possible to get a PR for this? Thanks

   • 2023-11-29T14:48:18+00:00
7. 

   Nat Sakimura reporter

   Will do.

   • 2024-02-21T14:51:05+00:00
8. Log in to comment