We should add a table to the privacy considerations that lists all of the mitigations that increase privacy when using status lists (or really, any issuer-provided resource). It could look something along the following lines:

| Mitigation | Attacker | Implementer | Cost | Attack | Defense |
|---|---|---|---|---|---|
| K-anonymity | issuer | issuer | $ | Issuer tracking individual subjects. | Issuer places status of subjects into a large set that provides statistically significant k-anonymity. |
| CDN | issuer | issuer | $ | Issuer using access metrics to determine subjects with high degree of confidence. | Verifier retrieves resource in a way where issuer is not contacted at all. |
| OHTTP | issuer | verifier | $$ | Issuer using verifier identification to determine subjects with high degree of confidence | Verifier retrieves resource and caches in a way that blinds issuer to party asking. |
| Holder delivery | issuer | holder | $$ | Issuer using statistical probability to determine subjects | Verifier retrieves resource in a way where issuer is not contacted at all. |
| Watchdog | issuer | holder | $$$ | Issuer reduces k-anonymity to an unacceptable value | Digital wallet services provide watchdog services for infrequently used resource identifiers. |
