[Adding the working group to this thread so they’re aware of the discussion between our Security Area Directors on this]
From: Kathleen Moriarty [mailto:[email protected]] Sent: Thursday, October 02, 2014 5:30 AM To: Stephen Farrell Cc: The IESG; [email protected]; [email protected] Subject: Re: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT) On Thu, Oct 2, 2014 at 8:20 AM, Stephen Farrell <[email protected]<mailto:[email protected]>> wrote: sorry forgot about that... On 02/10/14 13:04, Kathleen Moriarty wrote: > Yes, I mentioned the duplicate member name discussion in a couple of > the draft's ballot text. There isn't really a great answer at this > time unfortunately. This particular item came up in my AD review as > well as in a SecDir review. It took some digging, but the problem is > at least better understood now. There may be a way to fix it with a > draft that updates if I-JSON turns out to be a good way to handle > this. The problem is deployed code. I flagged it in case anyone in > the IESG had an opinion. I'd love to see the right thing get done, > but it may have to wait for a draft that updates these. Opinions are > welcome. At a comment level, I'd say leave things as they are. Adding the I-JSON requirement would be premature I think as its not clear if libraries etc will or won't adopt that. If they don't then it'd be a meaningless requirement. If however, I-JSON does take off then JOSE code will be fine anyway without changing. Thanks, Stephen. I'm leaning the same way for now. It looks like Pete hit this in a discuss, but just requesting a wording change as opposed the the more extensive changes discussed on list. I'll follow up to his message. S. -- Best regards, Kathleen
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
