#101: Discussion on evaluation of multiple signers is missing from the document
There needs to be a section that describes the fact that multiple
signatures can occur and how to deal with this fact. There are going to
be two general approaches that are used: one signature validating is
sufficient or all signatures need to validate. This choice is generally
made by the application and not the library for evaluation.

As part of this, all of the locations in this document that say "If ...
then the JWS MUST be rejected" need to be modified as only the signature
that is being validated is going to be rejected and not the entirety of
the JWS object.

As part of this discussion, there perhaps should be a discussion of
what types of rejection are to be dealt with. Something not being
validated because the algorithm is not understood may be treated
differently than the
--
-------------------------+-------------------------------------------------
 Reporter:   [email protected]
 Owner:      draft-ietf-jose-json-web-[email protected]
 Type:       defect
 Status:     new
 Priority:   major
 Milestone:
 Component:  json-web-signature
 Version:
 Severity:   -
 Keywords:
-------------------------+-------------------------------------------------
Ticket URL: <https://grenache.tools.ietf.org/wg/jose/trac/ticket/101>
jose <http://tools.ietf.org/jose/>
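
The two acceptance policies the ticket describes, as an added example that is not part of the ticket or of the JOSE draft: each signature in a JWS JSON Serialization object is checked on its own and gets its own outcome, and only then does the application apply an "any" or "all" policy. Assumptions: HS256 is the only algorithm the verifier understands, the keys, payload and function names are constructed for illustration, and an unsupported algorithm counts as failing the "all" policy.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(protected: str, payload: str, key: bytes) -> bytes:
    # JWS signing input: BASE64URL(protected header) "." BASE64URL(payload)
    return hmac.new(key, f"{protected}.{payload}".encode(), hashlib.sha256).digest()

def sign_hs256(payload: str, key: bytes, kid: str) -> dict:
    """Helper used only to build the constructed sample below."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    return {"protected": protected, "signature": b64u(mac(protected, payload, key))}

def check_signatures(jws: dict, keys: dict) -> list:
    """One (kid, outcome) per signature; a bad signature does not reject the object."""
    results = []
    for sig in jws["signatures"]:
        header = json.loads(b64u_dec(sig["protected"]))
        kid = header.get("kid")
        if header.get("alg") != "HS256":
            results.append((kid, "unsupported_alg"))  # not validated, not proven bad
        elif kid not in keys:
            results.append((kid, "no_key"))
        else:
            good = hmac.compare_digest(mac(sig["protected"], jws["payload"], keys[kid]),
                                       b64u_dec(sig["signature"]))
            results.append((kid, "valid" if good else "invalid"))
    return results

def accept(results: list, policy: str) -> bool:
    """Application-level decision: 'any' = one valid is enough, 'all' = every one valid."""
    outcomes = [outcome for _, outcome in results]
    if policy == "any":
        return "valid" in outcomes
    if policy == "all":
        return bool(outcomes) and all(o == "valid" for o in outcomes)
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample: one good signer, one signed with the wrong key, one unknown alg.
KEYS = {"a": b"constructed-key-a", "b": b"constructed-key-b"}
PAYLOAD = b64u(b'{"msg":"constructed sample"}')
UNKNOWN = {"protected": b64u(json.dumps({"alg": "XX999", "kid": "c"}).encode()),
           "signature": b64u(b"opaque")}
JWS = {"payload": PAYLOAD, "signatures": [sign_hs256(PAYLOAD, KEYS["a"], "a"),
                                          sign_hs256(PAYLOAD, b"wrong-key", "b"), UNKNOWN]}

if __name__ == "__main__":
    outcome = check_signatures(JWS, KEYS)
    print(outcome, accept(outcome, "any"), accept(outcome, "all"))
```

Under the "any" policy the application should also check that the signer whose signature validated is one it actually trusts for this payload, since the per-signature outcome list is what makes that check possible.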