Hi Mike, Thanks for the response.
If you indeed think that all header parameters can be configured out of band (or guessed) then it would be good to state that assumption in the example. For real-world practicability purposes I would assume that the key identifier is present (regardless of whether the keying material is statically or dynamically provisioned). Somehow the right key has to be selected and you want to make it robust (particularly when keys can be cached and multiple keys may be used at the same time, for example, for key roll-over).

Ciao
Hannes

On 11/28/12 8:01 AM, "Mike Jones" <[email protected]> wrote:

> It may contain the key ID, or like many things OAuth, it may know which key to
> use by other means. For instance, it may be supplied via dynamic
> registration.
>
> -- Mike
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Hannes
> Tschofenig
> Sent: Monday, November 26, 2012 3:16 AM
> To: [email protected]
> Cc: Hannes Tschofenig
> Subject: [jose] Key Identifier
>
> Hi all,
>
> In Appendix A.1 of the JWS document there is an example with an HMAC SHA-256
> keyed message digest.
>
> I would have assumed that the header contains the key id so that the
> recipient can actually verify it.
>
> Ciao
> Hannes
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
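
The key-selection question discussed in this thread, as an added example that is not part of the original messages or of the JWS draft: an HS256 verifier that selects the key by `kid` and uses an out-of-band default only when the header carries none. The key ids, secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed key set during roll-over: both keys are valid at the same time.
KEYS = {"2012-11": b"old-secret-constructed", "2012-12": b"new-secret-constructed"}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: dict, key: bytes, kid=None) -> str:
    """JWS compact serialization with HS256; "kid" is included only if given."""
    header = {"alg": "HS256"}
    if kid is not None:
        header["kid"] = kid
    parts = [b64u(json.dumps(obj).encode()) for obj in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def verify(token: str, keys: dict, default_kid=None) -> dict:
    """Return the payload if the MAC verifies under the selected key.

    default_kid models a key agreed out of band; it is used only when the
    header has no "kid". Any failure raises ValueError.
    """
    try:
        h64, p64, s64 = token.split(".")
        header, mac = json.loads(b64u_dec(h64)), b64u_dec(s64)
    except ValueError as exc:
        raise ValueError("malformed JWS") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid", default_kid)
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("no key selected")  # unknown or absent key id
    expected = hmac.new(keys[kid], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC mismatch")
    return json.loads(b64u_dec(p64))

if __name__ == "__main__":
    claims = {"iss": "joe"}
    print(verify(sign(claims, KEYS["2012-12"], kid="2012-12"), KEYS))
    try:  # signed with the new key, no kid, verifier still defaults to the old key
        verify(sign(claims, KEYS["2012-12"]), KEYS, default_kid="2012-11")
    except ValueError as err:
        print("rejected:", err)
```

With `kid` present, tokens signed under either key verify during roll-over; without it, a sender that has already switched keys is rejected until the verifier's out-of-band default is updated.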
