What Happened
For a claim evaluated with redacted disclosure, the standard result body correctly withholds both the value and the satisfaction outcome (satisfied is None). But when the same result is rendered in the CCCEV JSON-LD format, the outcome is serialized as "cccev:isConformantTo": result.satisfied.unwrap_or(false) — so a redacted result surfaces cccev:isConformantTo: false.
In a deployment that allows both redacted disclosure and the CCCEV render format for a claim, a caller therefore receives a yes/no-looking conformance value that redaction is meant to withhold. redacted is documented and specified to reveal neither the value nor the outcome, so this is a redaction leak in the CCCEV render path.
Expected Behavior
A redacted result should withhold the outcome in every render. The CCCEV renderer should omit cccev:isConformantTo (or otherwise represent "no outcome") when satisfied is None, rather than defaulting it to false.
Reproduction
- Configure a claim that permits
redacted disclosure and the CCCEV evidence render format.
- Evaluate it with
redacted disclosure.
- The CCCEV JSON-LD node carries
"cccev:isConformantTo": false, even though the outcome should be withheld.
- Relevant code:
render_cccev_evidence_node (in the notary server runtime) uses result.satisfied.unwrap_or(false), while view_claim sets satisfied = None for the redacted disclosure profile.
Environment
Found by code inspection of the current default branch, during documentation review of #174. Affects the Notary CCCEV render path.
Privacy note: redaction is intended to reveal neither value nor outcome, so maintainers may want to assess severity and whether this belongs on a security-advisory track rather than a public issue.
What Happened
For a claim evaluated with
redacteddisclosure, the standard result body correctly withholds both the value and the satisfaction outcome (satisfiedisNone). But when the same result is rendered in the CCCEV JSON-LD format, the outcome is serialized as"cccev:isConformantTo": result.satisfied.unwrap_or(false)— so a redacted result surfacescccev:isConformantTo: false.In a deployment that allows both
redacteddisclosure and the CCCEV render format for a claim, a caller therefore receives a yes/no-looking conformance value that redaction is meant to withhold.redactedis documented and specified to reveal neither the value nor the outcome, so this is a redaction leak in the CCCEV render path.Expected Behavior
A
redactedresult should withhold the outcome in every render. The CCCEV renderer should omitcccev:isConformantTo(or otherwise represent "no outcome") whensatisfiedisNone, rather than defaulting it tofalse.Reproduction
redacteddisclosure and the CCCEV evidence render format.redacteddisclosure."cccev:isConformantTo": false, even though the outcome should be withheld.render_cccev_evidence_node(in the notary server runtime) usesresult.satisfied.unwrap_or(false), whileview_claimsetssatisfied = Nonefor the redacted disclosure profile.Environment
Found by code inspection of the current default branch, during documentation review of #174. Affects the Notary CCCEV render path.
Privacy note: redaction is intended to reveal neither value nor outcome, so maintainers may want to assess severity and whether this belongs on a security-advisory track rather than a public issue.