Messaging Layer Security Credentials using Selective Disclosure JSON and CBOR Web Tokens
draft-mahy-mls-sd-cwt-credential-02
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Rohan Mahy | ||
| Last updated | 2026-05-06 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-mahy-mls-sd-cwt-credential-02
Messaging Layer Security R. Mahy
Internet-Draft Rohan Mahy Consulting Services
Intended status: Informational 6 May 2026
Expires: 7 November 2026
Messaging Layer Security Credentials using Selective Disclosure JSON and
CBOR Web Tokens
draft-mahy-mls-sd-cwt-credential-02
Abstract
The Messaging Layer Security (MLS) protocol contains Credentials used
to authenticate an MLS client with a signature key pair. Selective
Disclosure CBOR Web Tokens (SD-CWT) and Selective Disclosure JSON Web
Tokens (SD-JWT) define token formats where the holder can selectively
reveal claims about itself with strong integrity protection and
cryptographic binding to the holder's key. This document defines MLS
credentials for both these token types.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://rohanmahy.github.io/mls-sd-cwt-credential/draft-mahy-mls-sd-
cwt-credential.html. Status information for this document may be
found at https://datatracker.ietf.org/doc/draft-mahy-mls-sd-cwt-
credential/.
Discussion of this document takes place on the Messaging Layer
Security Working Group mailing list (mailto:mls@ietf.org), which is
archived at https://mailarchive.ietf.org/arch/browse/mls/. Subscribe
at https://www.ietf.org/mailman/listinfo/mls/.
Source for this draft and an issue tracker can be found at
https://github.com/rohanmahy/mls-sd-cwt-credential.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Mahy Expires 7 November 2026 [Page 1]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 November 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. New MLS Credential types . . . . . . . . . . . . . . . . . . 3
3.1. MLS SD-CWT Credential . . . . . . . . . . . . . . . . . . 4
3.2. MLS SD-JWT Credential . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6.1. SD-CWT Credential . . . . . . . . . . . . . . . . . . . . 6
6.2. SD-JWT Credential . . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 8
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
This document defines new MLS [RFC9420] credential types for SD-CWT
[I-D.ietf-spice-sd-cwt] and SD-JWT [RFC9901] tokens respectively.
The SD-CWT Credential contains a Selective Disclosure Key Binding
Token (SD-KBT). The SD-JWT Credential contains an SD-JWT with Key
Binding (SD-JWT+KB), which could be represented in the traditional
data format, or in a more compact binary encoding.
Mahy Expires 7 November 2026 [Page 2]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
The "holder" of one of these tokens could be the MLS client including
the token in its Credential in its LeafNode (in a group or in a
KeyPackage) or in an ExternalSender structure.
Note: It is not necessary for an AS to selectively disclose any
claims. In other words, an Identity Provider that normally
generates JWT or CWT web tokens could generate the same claim set,
as long as the confirmation key is included and verified by the
issuer.
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The term Credential is used as defined in Section 5.3 of [RFC9420].
The terms MLS Distribution Service (DS) and MLS Authentication
Service (AS) are used as defined in [RFC9750]. The terms MLS client,
MLS group, LeafNode, KeyPackage, PublicMessage, PrivateMessage,
ratchet tree, and GroupInfo are likewise common MLS terms defined in
[RFC9420].
3. New MLS Credential types
This document extends the list of defined CredentialTypes in MLS to
include sd_cwt and sd_jwt types. Additional syntax and semantics are
defined in the following subsections.
struct {
CredentialType credential_type;
select (Credential.credential_type) {
case basic:
opaque identity<V>;
case x509:
Certificate certificates<V>;
...
case sd_cwt:
opaque sd_kbt<V>;
case sd_jwt:
SdJwt sd_jwt;
};
} Credential;
The MLS architecture [RFC9750] describes the Authentication Services
as having the following three services (i.e. requirements):
Mahy Expires 7 November 2026 [Page 3]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
1. Issue credentials to clients that attest to bindings between
identities and signature key pairs
2. Enable a client to verify that a credential presented by another
client is valid with respect to a reference identifier
3. Enable a group member to verify that a credential represents the
same client as another credential
The consequence of this is that the consumer of the SD-CWT or SD-JWT
needs to be able to determine both the MLS client, and the
application identity referred to in a token, in a Credential.
3.1. MLS SD-CWT Credential
An MLS SD-CWT Credential contains a single SD-KBT, containing an SD-
CWT in the KBT protected header. The SD-CWT contains zero of more
disclosures; if there are any disclosures they appear in the
sd_claims header field, otherwise the header field is absent.
Any party that can view the credential can read the disclosed claims.
For example if LeafNodes are visible to the MLS DS, because MLS
handshake messages are conveyed via PublicMessage, the disclosed
claims would also be visible to the DS.
The SD-CWT inside the credential MAY include zero or more encrypted
disclosures (in the sd_encrypted_claims header field if any encrypted
disclosures are present). Each encrypted disclosure is separately
AEAD encrypted with a per-disclosure unique ephemeral key and salt.
The per-disclosure encryption key allows the holder/MLS client to
disclose an element to a specific subset of members, or (in the
common case when the DS is privy to the ratchet tree) only to members
of the group. A proof of concept to decrypt encrypted disclosures
only for members of the group is described in
[I-D.mahy-mls-member-secrets].
The audience in the SD-KBT is either a representation of the MLS
group, or a higher-level application structure associated with an MLS
group or tightly-coupled collection of groups (for example, a chat
room which maintains one MLS group for the main discussion and
another for moderators to discuss the moderation of the room) such
that being in one group without the collection would be nonsensical.
Mahy Expires 7 November 2026 [Page 4]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
The subject in the SD-CWT represents a specific MLS client (for
example a COSE key thumbprint, or a client ID URI such as a mimi:
client URI as described in Section 3 of [I-D.ietf-mimi-protocol]).
It should not use an identifier which represents multiple signature
key pairs of the same type, or represents the same "user" on multiple
devices. The SD-CWT MAY contain other claims which represent a
distinct "user" identity.
Using the MLS signature key as the confirmation key is encouraged.
In this case, the confirmation key MAY be expressed using the COSE
Key Thumbprint confirmation method.
3.2. MLS SD-JWT Credential
The SD-JWT Credential can be represented in the classic SD-JWT+KB
data format defined in Section 4 of [RFC9901] (shown below), or in a
more compact binary representation. MLS SD-JWT Credentials MUST
include the Key Binding.
The classic format uses only characters from the unpadded base64url
character set (Section 5 of [RFC4648]) plus the period (.) character
to separate the three parts of the Issuer-signed JWT, and the tilde
(~) character to separate disclosures from the other components.
<Issuer-signed JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~<KB-JWT>
Figure 1: SD-JWT+KB in classic format
This document also defines a "compacted" format where each of the
components of the Issuer-signed JWT, every Disclosure, and the KB-JWT
are base64url decoded and stored in individual fields in the SdJwt
struct.
Mahy Expires 7 November 2026 [Page 5]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
struct {
Bool compacted;
select (compacted) {
case true:
opaque protected<V>;
opaque payload<V>;
opaque signature<V>;
SdJwtDisclosure disclosures<V>;
opaque sd_jwt_key_binding<V>;
case false:
opaque sd_jwt_kb<V>;
};
} SdJwt;
enum {
false(0),
true(1)
} Bool;
The compacted variant allows implementations to tradeoff reduced
size for the extra processing cost of base64url encoding and
decoding the Credential.
4. Security Considerations
The privacy considerations in SD-CWT, SD-JWT, and MLS apply. TODO
more security.
5. Privacy Considerations
The privacy considerations in SD-CWT and SD-JWT apply. The privacy
considerations of MLS are largely discussed in [RFC9750]. TODO more
privacy.
6. IANA Considerations
This document requests IANA to add the following entries to the MLS
Credential Types registry. Please replace RFCXXXX with the RFC of
this document.
6.1. SD-CWT Credential
* Value: 0x0005 (suggested)
* Name: sd_cwt
* Recommended: Y
Mahy Expires 7 November 2026 [Page 6]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
* Reference: RFCXXXX
6.2. SD-JWT Credential
* Value: 0x0006 (suggested)
* Name: sd_jwt
* Recommended: Y
* Reference: RFCXXXX
7. References
7.1. Normative References
[I-D.ietf-spice-sd-cwt]
Prorock, M., Steele, O., Birkholz, H., and R. Mahy,
"Selective Disclosure CBOR Web Tokens (SD-CWT)", Work in
Progress, Internet-Draft, draft-ietf-spice-sd-cwt-07, 2
March 2026, <https://datatracker.ietf.org/doc/html/draft-
ietf-spice-sd-cwt-07>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<https://www.rfc-editor.org/rfc/rfc4648>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9420] Barnes, R., Beurdouche, B., Robert, R., Millican, J.,
Omara, E., and K. Cohn-Gordon, "The Messaging Layer
Security (MLS) Protocol", RFC 9420, DOI 10.17487/RFC9420,
July 2023, <https://www.rfc-editor.org/rfc/rfc9420>.
[RFC9750] Beurdouche, B., Rescorla, E., Omara, E., Inguva, S., and
A. Duric, "The Messaging Layer Security (MLS)
Architecture", RFC 9750, DOI 10.17487/RFC9750, April 2025,
<https://www.rfc-editor.org/rfc/rfc9750>.
Mahy Expires 7 November 2026 [Page 7]
Internet-Draft MLS SD-JWT and SD-CWT Credentials May 2026
[RFC9901] Fett, D., Yasuda, K., and B. Campbell, "Selective
Disclosure for JSON Web Tokens", RFC 9901,
DOI 10.17487/RFC9901, November 2025,
<https://www.rfc-editor.org/rfc/rfc9901>.
7.2. Informative References
[I-D.ietf-mimi-protocol]
Barnes, R., Hodgson, M., Kohbrok, K., Mahy, R., Ralston,
T., and R. Robert, "More Instant Messaging
Interoperability (MIMI) using HTTPS and MLS", Work in
Progress, Internet-Draft, draft-ietf-mimi-protocol-06, 25
April 2026, <https://datatracker.ietf.org/doc/html/draft-
ietf-mimi-protocol-06>.
[I-D.mahy-mls-member-secrets]
"*** BROKEN REFERENCE ***".
Acknowledgments
Thanks to Richard Barnes for his comment.
Author's Address
Rohan Mahy
Rohan Mahy Consulting Services
Email: rohan.ietf@gmail.com
Mahy Expires 7 November 2026 [Page 8]