1. I expected to see the abstract and the introduction modified to compare this to taking the hash of an X.509 Subject Public Key Info structure rather than keeping the current comparison to a certificate. That is a more correct comparison.
2. I did miss in my last message summarizing the last call the question of keeping or removing symmetric keys. I don't remember what your final position was on this. Please verify for me.
3. In section 3.2.2 - the first optional should not be in all upper case. It should match the capitalization that is in the title for the section. This location does not imply a protocol requirement.
4. In section 3.3 - ditto item 3 on the word REQUIRED, you are not making protocol statements here so lower case is more appropriate.
5. In section 3.3 - in paragraph two - s/as the REQUIRED members/as the members/ - it is not expected to be true for optional members either.
6. In section 4 - I think that the statement that stringify would be used for emitting the JSON object to be used for hash input is false. This paragraph needs to be updated to reflect consistency. Saying in the first sentence - use stringify and in the last sentence don't use stringify is not helpful.
7. Please explain why you think the following references are normative: JWE, SHS

Jiim
