Richard has a point here. Here is the description from:
http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05#section-4.3

The semantics of the kid are not defined.

So the question is not so much whether it is sufficiently defined but more "does it matter that it is not defined?"

The answer depends on what you want to use the key id for. If you ever have to assume a structure of the kid then you will have a problem. This could, for example, happen when you use it to make some authorization decisions and when you compare it against some existing other identities.

I am not even sure what the kid references. Does it always reference a key that is included in the payload itself or does it reference a key that is external to the payload? Will you ever have the case that you need to use part of the identifier structure to find the key? (e.g., to discover the right server where the key is stored?)

On 08/28/2012 11:02 AM, Richard Barnes wrote:
I voted "NO" on this in the room, because I don't understand it. Could one of you "YES" voters explain it?

What does "kid" mean in the context of a public-key wrapped key? Is it a public key? If so, in what format? How about in the context of key agreement?

Thanks,
--Richard


