The "switch" does have to be a JOSE protocol element, because the JOSE protocol logic has to be self-contained. --Richard
On Mon, Apr 15, 2013 at 1:44 PM, Mike Jones <[email protected]>wrote: > Use of “spi” is one such possible “switch”. Use of the OAuth Dynamic > Client Registration specification to obtain keys or key references is > another. Other applications may choose exchange the keys other ways.**** > > ** ** > > The “switch” doesn’t have to be a JOSE protocol element. Although you > could consider the lack of a key indicator in the JOSE header to be a clear > indication in the JOSE protocol elements that the switch has been thrown, > meaning that it’s up to the application to use its logical to determine > which key(s) to use – which is a normal use case.**** > > ** ** > > -- Mike**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Richard Barnes > *Sent:* Monday, April 15, 2013 10:37 AM > > *To:* [email protected] > *Cc:* [email protected] > *Subject:* Re: [jose] Feedback request on jose tracker issue #8: Should > we add a "spi" header field?**** > > ** ** > > 2 or 3**** > > ** ** > > All of the "1" responses are missing the point of SPI -- if you want to be > able to omit fields (as people seem to want to do), then you need a switch > to turn off "stand-alone mode". **** > > ** ** > > So responding "1" here is the same as responding "1" on the ISSUE-15 poll, > that at least one key indicator MUST be present. **** > > ** ** > > ** ** > > On Thu, Apr 11, 2013 at 7:58 PM, Karen O'Donoghue <[email protected]> > wrote:**** > > Issue #8 http://trac.tools.ietf.org/wg/jose/trac/ticket/8 proposes adding > an “spi” (security parameters index) header parameter to the JWS and JWE > specifications. This modification to the JOSE formats would allow for > signaling that pre-negotiated cryptographic parameters are being used, > rather than including those parameters in the JWS or JWE header. This > proposal has been written up as > http://tools.ietf.org/html/draft-barnes-jose-spi-00. **** > > **** > > Which of these best describes your preferences on this issue?**** > > 1. Have draft-barnes-jose-spi remain a separate specification that could > optionally also be supported by JWS and JWE implementations.**** > > 2. Incorporate draft-barnes-jose-spi into the JWS and JWE specifications > as a mandatory feature.**** > > 3. Incorporate draft-barnes-jose-spi into the JWS and JWE specifications > as an optional feature.**** > > 4. Another resolution (please specify in detail).**** > > 0. I need more information to decide.**** > > Your reply is requested by Friday, April 19th or earlier. **** > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
