On Wed, Jul 30, 2025 at 2:53 AM Neil Madden <[email protected]> wrote:
> *1.1. > <https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#section-1.1>The > 'none' algorithm > <https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#name-the-none-algorithm>: > *After the sentence beginning “Although there are some legitimate > use-cases for Unsecured JWS”, I suggest adding this text: > > One of the legitimate use cases for Unsecured JWSs is OpenID Connect ID > Tokens secured by sending them over a TLS connection, as described in > Section 2 of [OpenID.Core]. Another legitimate use is unsigned request > objects, as described in Section 6.1 of [OpenID.Core]. > > > I’m open to adding something along these lines. I’ll raise a PR. > I thought the text in https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#section-1.1-4 provies pretty good and even-handed treatment as is. I think it'd be a mistake to list specific cases in the text here. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
