> Would it make sense to report a bug on clarifying the signing operation > (i.e. PKCS1 vs. "pure" RSA signing), or is that something that should > be discussed here first?
Avoiding developer confusion is generally a good reason for clarifications, though I doubt reporting a bug on this specific point makes sense. Trying "pure" RSA signing was never a good choice as no one does that (and shouldn't do it). The organisation between JWS/JWE/JWA/JWK/... is not great. Fixing that might help if it puts detailed examples closer to the definition of the algorithms they use. -- James Manger _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
