Maybe this was apparent from my comments/questions on the SPI proposal over the last couple days[1] but I have concerns that run the gamut from operational complexity and fragility to security problems. I believe strongly that, without considerably more analysis and specification detail, the current SPI work is much too risky to consider go in the current base JOSE WG drafts.
As an alternative I'd like to request/propose that the SPI stuff be submitted as new I-D to help facilitate that additional discussion and analysis that I think it needs. Thanks, Brian [1] http://www.ietf.org/mail-archive/web/jose/current/msg01500.html
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
