Definitely agree with this statement. That was the underlying intent of ISSUE-6 (Unclear requirements levels on fields). Because the document isn't structured in the way Russ describes, everything has to be optional. If it were structured according to key management, you could have a clear set of REQUIRED fields based on the mode (indicated by "alg"): -- Key transport (asymmetric) => kid / jku -- Key encipherment (symmetric) => kid -- Key agreement => kid, epk, apu, apv
Of course, these could be omitted if pre-negotiation is going on, but you would need to signal that, e.g., with SPI. --Richard On Fri, Apr 19, 2013 at 1:00 PM, Russ Housley <[email protected]> wrote: > As I have said in the past, this is the wrong question. The document > should be structured in a manner that tell which things are mandatory based > on the use of particular types of key management. > > Russ > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
