It may contain the key ID, or like many things OAuth, it may know which key to
use by other means. For instance, it may be supplied via dynamic registration.
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Hannes
Tschofenig
Sent: Monday, November 26, 2012 3:16 AM
To: [email protected]
Cc: Hannes Tschofenig
Subject: [jose] Key Identifier
Hi all,
In Appendix A.1 of the JWS document there is an example with an HMAC SHA-256
keyed message digest.
I would have assumed that the header contains the key id so that the receipient
can actually verify it.
Ciao
Hannes
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
