Add privacy considerations section about decoy values. #155
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1164,6 +1164,32 @@ <h3>Content Distribution Networks</h3> | |
</p> | ||
</section> | ||
|
||
<section class="informative"> | ||
<h3>Decoy Values</h3> | ||
|
||
<p> | ||
[=Issuer=] use of decoy values in status lists has been explored as a mechanism | ||
to increase the privacy of [=subjects=]. While algorithms for employing decoy | ||
values are out of scope for this specification, implementers are advised that | ||
the use of decoy values do not provide privacy gains and can harm privacy in | ||
most cases. | ||
</p> | ||
<p> | ||
When status list entry indexes are allocated in a random fashion, which is the | ||
suggested mode of operation for this specification, adding decoys harms privacy | ||
because it reduces the group privacy size by the number of decoys added to the | ||
What is a "group privacy size"? I could find no suitable definition on the web, making it seem likely to have been invented here, where there also seems to be no definition. Once there is a definition I can refer to, I expect this paragraph to need some rephrasing.
pick up in #166
||
group. A random allocation of indexes inherently hides the true group size, | ||
ensuring that decoys are not necessary. | ||
</p> | ||
<p> | ||
There might be use cases where decoy values provide benefits. Implementers are | ||
cautioned that no such use cases were clearly identified by the group that | ||
created this specification. As a result, the use of decoys is discouraged for | ||
most use cases, as random allocation of status list entry indexes provides | ||
adequate protection. | ||
</p> | ||
</section> | ||
|
||
<section class="informative"> | ||
<h3>Malicious Issuers and Verifiers</h3> | ||
<p> | ||
|
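Review bot: The first added paragraph states flatly that "the use of decoy values do not provide privacy gains", while the third paragraph allows that "There might be use cases where decoy values provide benefits"; the two should agree, for example by qualifying the first sentence to the random-allocation case the second paragraph argues from. That sentence also needs "does not" to agree with "the use". In the second paragraph, the claim that decoys reduce "the group privacy size by the number of decoys added" rests on a term the hunk never defines and gives no reasoning an implementer could check; define the term or link to a definition, and state why a decoy entry shrinks the group rather than leaving it unchanged. The phrase "which is the suggested mode of operation for this specification" would be easier to verify with a cross-reference to the section that recommends random index allocation.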
Anything merged to main without review is liable to have lingering issues. Now I gotta make another PR...
#166