[Openid-specs-risc] openid/sharedsignals: Comment created on issue 140
github at oidf.org
github at oidf.org
Tue Apr 9 21:35:57 UTC 2024
openid/sharedsignals event
Issue Comment created on issue 140
Issue Title: Allow Receiver to supply public key
https://github.com/openid/sharedsignals/issues/140
Comment: > Encrypting the entire SET using a public key can be expensive to the transmitter if there are a large number of security events that need to be encrypted. While I expect that the volume of security events will usually be fairly low there are edge cases (e.g., device compliance events when the definition of compliance changed and resulted with a large number of devices changing their status). As discussed, this is an option, not a requirement, for transmitters. Cost is controllable by the transmitter if they wish to not support encrypting the SETs. In many cases the risk of data leakage or being out of compliance outweighs the expense of encryption. Supporting this as a first class mechanism in SSF will expand the utility of SSF with no cost to those who choose not to implement it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240409/e44b4fa6/attachment.html>
More information about the Openid-specs-risc
mailing list