#18: Address MAC key lifetime concerns
Comment (by [email protected]): As I have argued before, it is my strong opinion that option (1) is the simpler thing to do. There is no great complexity: The key wrapping mechanism is already defined in JWE, so this would simply apply it to JWS as well. Writing the proper considerations for option (2) would be much harder, because you have to specify what an OOB protocol needs to do. (Easier to just write the protocol!) Option (2) would also fail to address a known security gap in the base protocol, which seems irresponsible. This protocol needs to be secure without having to rely on something external. -- -------------------------+------------------------------------------------- Reporter: [email protected] | Owner: draft-ietf-jose-json-web- Type: defect | [email protected] Priority: major | Status: new Component: json-web- | Milestone: signature | Version: Severity: - | Resolution: Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/18#comment:1> jose <http://tools.ietf.org/jose/> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
