The conversation about "typ" has brought us back to a familiar question for this working group -- what are we trying to do here?
The current document is ambiguous on this topic. On the one hand, it mostly covers the crypto bases, with things like "alg" and "enc". On the other hand, it mixes in application design concepts like "typ" and "crit". The result is a spec that's ambiguous in purpose and complex. If I'm building an application with this, how do I decide what goes in the "crit" field, or what values to use for "typ"? The charter for this working group is not ambiguous on this topic. This group is chartered to do signing and encryption. The JOSE formats should carry the parameters needed to perform those operations. Anything else is extraneous, and in the spirit of "The perfect protocol is one from which nothing can be removed", should be removed. Now, I'm not going to be a hard-liner on this. I won't complain about "zip" and "cty", since they are clearly defined and have clear use cases. But "crit" and "typ" are so ambiguous and so little supported by use cases*, that they really should go. </rant> --Richard
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
