#89: Section 8. Security Considerations

 A. s/private/private key/ in the second sentence

 B. para #2 - There is no real concept of a key by itself having trust.
 What is generally trusted is going to be a question of what data is bound
 to the key that has trust.  This paragraph needs to be updated to reflect
 that.

 C. para #5 - Is it going to be self-evident to a novice which items are
 specifically XML and which are not?  Are there so many unique ones that we
 cannot just copy them here?  This seems to be the only reason to reference
 the document and it comes out of the blue why it would be of interest.

 D. para #6 - This is a set of requirements on how to use TLS and not
 security considerations.

 E. Missing comment about the relative strength of the algorithm used to
 protect a private key and the private key itself.

 F. RFC 3447 - does not have an easily identifiable security considerations
 section.  Should probably be omitted as a reference and listed if they are
 of importance.

 G. RFC 6030 - you have not dealt with section 13.2 or section 13.3 in this
 document.

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-jose-json-web-
  [email protected] |  [email protected]
     Type:  defect       |     Status:  new
 Priority:  major        |  Milestone:
Component:  json-web-    |    Version:
  key                    |   Keywords:
 Severity:  -            |
-------------------------+-------------------------------------------------

Ticket URL: <https://grenache.tools.ietf.org/wg/jose/trac/ticket/89>
jose <http://tools.ietf.org/jose/>

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
