From 70019b9d438ff62e7ab911b446742733c767ebef Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Thu, 2 May 2024 16:45:17 +0200 Subject: [PATCH] Note that for online scenarios, ARKG gives assurance of same-hardware binding --- draft-bradleylundberg-cfrg-arkg.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/draft-bradleylundberg-cfrg-arkg.md b/draft-bradleylundberg-cfrg-arkg.md index fd93619..0dcb01b 100644 --- a/draft-bradleylundberg-cfrg-arkg.md +++ b/draft-bradleylundberg-cfrg-arkg.md @@ -145,8 +145,11 @@ Some motivating use cases of ARKG include: which is set to use single-use asymmetric keys to prevent colluding verifiers from using public keys as correlation handles. Each digital identity credential would thus be issued with a single-use proof-of-possession key, used only once to present the credential to a verifier. - ARKG enables offline usage scenarios by allowing pre-generation of public keys for single-use credentials + ARKG empowers both online and offline usage scenarios: + for offline scenarios, ARKG enables pre-generation of public keys for single-use credentials without needing to access the hardware security device that holds the private keys. + For online scenarios, ARKG gives the credential issuer assurance + that all derived private keys are bound to the same secure hardware element. - __Enhanced forward secrecy__: The use of ARKG can facilitate forward secrecy in certain contexts.
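Review bot: The added sentence "For online scenarios, ARKG gives the credential issuer assurance that all derived private keys are bound to the same secure hardware element" states the assurance unconditionally and does not say what it rests on. A reader of this use case cannot tell from the hunk what the issuer must have verified, or who performs the public key derivation, for the binding to hold. Consider naming the precondition in the same sentence, for example that the issuer derives the public keys itself from a seed public key it already trusts to be held in that hardware element. Two smaller points in the same hunk: "empowers" is vaguer than the "enables" it replaces, and the two clauses after the colon are inconsistent, with "for offline scenarios" starting lowercase and "For online scenarios" starting a new capitalised sentence. Either make both full sentences or join them with a semicolon.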