As the author of the draft, I support option 2. With a nod to Brian, I’d also be happy swapping “legitimate” with another word like “historical”.
> On 3 Feb 2026, at 05:41, Karen ODonoghue <[email protected]> wrote: > > JOSE Working Group Members, > > We are following up on discussions at IETF 124 on > draft-madden-jose-deprecate-none-rsa15. > > Firstly, thank you to Neil for your work on this draft and to those who have > provided review thus far. > > The one remaining outstanding item for this draft is whether to add text to > capture legitimate use cases of "none" as suggested by Mike in his review > https://mailarchive.ietf.org/arch/msg/jose/Z4IJGxKubk81LK8ZKYjY3prPmis/ > > This was discussed in Montreal, with views both for and against this > addition, and we agreed to follow up with discussion on list. With that in > mind, we’d like to ask for a rough consensus on which of the following two > choices you prefer: > > Option 1) Change the text in Section 1.1 to include the following suggested > text: > "One of the legitimate use cases for Unsecured JWSs is OpenID Connect ID > Tokens secured by sending them over a TLS connection, as described in Section > 2 of [OpenID.Core]. Another legitimate use is unsigned request objects, as > described in Section 6.1 of [OpenID.Core].” > > Option 2) Leave the text in Section 1.1 as it currently is: > "Although there are some legitimate use-cases for Unsecured JWS, these are > relatively few in number and can easily be satisfied by alternative means.” > > In the absence of a compromise on some alternative text that is agreed to by > rough consensus, we will need to make a choice between the two above > approaches. > > Please respond to this email with your preference for Option 1 or Option 2. > Please provide a short rationale. so we can capture the view of the Working > Group and move this draft forward. > > This consensus call will last for two weeks ending on Tuesday, 17 February > 2026. > > Thanks, > JOSE Chairs > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
