Script updating gh-pages from 4a57119. [ci skip]

Yubico · May 13, 2024 · c1a0ed9 · c1a0ed9
1 parent 3a0b943
commit c1a0ed9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/proposal-2024-03-09/Introduction/draft-bradleylundberg-cfrg-arkg.html b/proposal-2024-03-09/Introduction/draft-bradleylundberg-cfrg-arkg.html
@@ -1294,8 +1294,13 @@ <h2 id="name-introduction">
 which is set to use single-use asymmetric keys to prevent colluding verifiers from using public keys as correlation handles.
 Each digital identity credential would thus be issued with a single-use proof-of-possession key,
 used only once to present the credential to a verifier.
-ARKG enables offline usage scenarios by allowing pre-generation of public keys for single-use credentials
-without needing to access the hardware security device that holds the private keys.<a href="#section-1-3.1.1" class="pilcrow">¶</a></p>
+ARKG empowers both online and offline usage scenarios:
+for offline scenarios, ARKG enables pre-generation of public keys for single-use credentials
+without needing to access the hardware security device that holds the private keys.
+For online scenarios, ARKG gives the credential issuer assurance
+that all derived private keys are bound to the same secure hardware element.
+In both cases, application performance may be improved
+since public keys can be generated in a general-purpose execution environment instead of a secure enclave.<a href="#section-1-3.1.1" class="pilcrow">¶</a></p>
 </li>
         <li class="normal" id="section-1-3.2">
           <p id="section-1-3.2.1"><strong>Enhanced forward secrecy</strong>:

diff --git a/proposal-2024-03-09/Introduction/draft-bradleylundberg-cfrg-arkg.txt b/proposal-2024-03-09/Introduction/draft-bradleylundberg-cfrg-arkg.txt
@@ -128,9 +128,15 @@ Table of Contents
       keys as correlation handles.  Each digital identity credential
       would thus be issued with a single-use proof-of-possession key,
       used only once to present the credential to a verifier.  ARKG
-      enables offline usage scenarios by allowing pre-generation of
-      public keys for single-use credentials without needing to access
-      the hardware security device that holds the private keys.
+      empowers both online and offline usage scenarios: for offline
+      scenarios, ARKG enables pre-generation of public keys for single-
+      use credentials without needing to access the hardware security
+      device that holds the private keys.  For online scenarios, ARKG
+      gives the credential issuer assurance that all derived private
+      keys are bound to the same secure hardware element.  In both
+      cases, application performance may be improved since public keys
+      can be generated in a general-purpose execution environment
+      instead of a secure enclave.
 
    *  *Enhanced forward secrecy*: The use of ARKG can facilitate forward
       secrecy in certain contexts.  For instance, section 8.5.4 of RFC