I'll note for discussion purposes that a nonce and a timestamp are not the same
thing (although sometimes they are used to achieve similar/related goals). A
nonce tends to be an opaque value that must be preserved across the
communication. Whereas a timestamp typically has defined semantics - sometimes
simply a non-decreasing integer value - and sometimes a representation of time,
and then, sometimes with a uniqueness requirement.
For discussion purposes, I'll say that the simplest thing for us to do (should
we decide to do anything in this regard) would be to define the nonce as an
opaque string value that must be preserved.
We could also define a timestamp parameter, but as I wrote above, that would
likely require us to specify additional semantics - starting with whether it's
a non-decreasing integer or a representation of a time value. This seems much
harder to define and possibly to use than a nonce.
Would it make sense to define a nonce parameter now and hold off on defining a
timestamp parameter until there's a clear demonstrated use case for which a
nonce is not sufficient? That would be my personal recommendation.
Best wishes,
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jim
Schaad
Sent: Friday, August 17, 2012 12:05 AM
To: [email protected]
Subject: [jose] POLL: Nonce/Timestamp parameter
<CHAIR>
If you voted at the face-2-face please do not vote again. If you want to
provide comments please change the title from POLL to DISCUSS.
Do we need to define a nonce/timestamp parameter in the base specification?
Room vote: 6 yes, 0 no, 1 discuss
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
