I think the recommendation comes from the fact that the AS might be better at generating good quality keys as stated by Robin (in another thread).
Since it is a recommendation I think it is fine to keep it with some motivating text.

Cheers
//Samuel

On Thu, Aug 24, 2017 at 11:03 AM, Ludwig Seitz <[email protected]> wrote:

> Hello list,
>
> I've got a very specific question about an issue raised by Jim Schaad
> (https://github.com/LudwigSeitz/ace-oauth/issues/98):
>
> Currently the draft RECOMMENDS to disallow the client from choosing a
> specific symmetric key for proof-of-possession (i.e. we want the AS to
> generate one) when interacting with the /token endpoint at the AS.
>
> I cannot remember why we specified it that way, so should we drop that
> recommendation?
>
>
> /Ludwig
>
> --
> Ludwig Seitz, PhD
> Security Lab, RISE SICS
> Phone +46(0)70-349 92 51
>
> _______________________________________________
> Ace mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ace
