Hello list,
I've got a very specific question about an issue raised by Jim Schaad
(https://github.com/LudwigSeitz/ace-oauth/issues/98):
Currently the draft RECOMMENDS to disallow the client from choosing a
specific symmetric key for proof-of-possession (i.e. we want the AS to
generate one) when interacting with the /token endpoint at the AS.
I cannot remember why we specified it that way, so should we drop that
recommendation?
/Ludwig
--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
