Thanks Tim – that was exactly the point that caused the working group to change to the current behavior.
From: Tim Bray [mailto:[email protected]]
Sent: Monday, September 15, 2014 9:13 AM
To: Stephen Kent
Cc: Mike Jones; Kathleen Moriarty; [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

On Mon, Sep 15, 2014 at 7:56 AM, Stephen Kent <[email protected]> wrote:

> Also, in a reply to Tim, I think you argued that people have already implemented JOSE and so we ought not make any changes at this late stage. If that's what you said, I disagree emphatically. The IETF always warns implementers that specs may change until an RFC is published, and thus one implements a pre-RFC spec at risk.

No; In theory I would entirely support requiring receivers of malformed messages to reject them. In practice, it’s problematic to say that the format is JSON, and then to require any particular policy concerning duplicate keys, because existing software generally doesn’t handle them in a consistent manner, and in particular may not even inform receiving software that dupes existed.

> Steve
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose

--
- Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
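An added illustration of the parser inconsistency discussed in this thread (not code from any participant or from the JOSE drafts): Python's standard `json` module silently keeps the last duplicate member, a first-wins parser returns a different value for the same bytes, and only an explicit `object_pairs_hook` lets the receiver notice and reject. The JWK-shaped input and all function names are constructed for the example.

```python
import json

# Constructed sample, not from the thread: a JWK-shaped object whose
# "use" member name appears twice with different values.
DUP_JWK = '{"kty": "oct", "use": "sig", "k": "c2FtcGxl", "use": "enc"}'


class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""


def last_wins(text):
    # Default json.loads behaviour: the later value silently replaces the
    # earlier one and the caller is never told a duplicate existed.
    return json.loads(text)


def first_wins(text):
    # Models a different parser that keeps the first occurrence instead.
    def hook(pairs):
        obj = {}
        for name, value in pairs:
            obj.setdefault(name, value)
        return obj
    return json.loads(text, object_pairs_hook=hook)


def strict(text):
    # Rejects duplicates at every nesting level; the hook runs once per object.
    def hook(pairs):
        seen = {}
        for name, value in pairs:
            if name in seen:
                raise DuplicateMemberError(f"duplicate member name: {name!r}")
            seen[name] = value
        return seen
    return json.loads(text, object_pairs_hook=hook)


def report(text):
    # Returns (value seen by last-wins, value seen by first-wins, strict rejected?).
    try:
        strict(text)
        rejected = False
    except DuplicateMemberError:
        rejected = True
    return last_wins(text)["use"], first_wins(text)["use"], rejected


if __name__ == "__main__":
    print(report(DUP_JWK))
```

A component that validates with one parser and a component that consumes with the other can disagree about which `use` value the key carries, which is why rejection has to happen in the parsing layer itself.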
