+1 for optional
> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Breno > Sent: Friday, June 25, 2010 11:02 AM > To: Luke Shepard > Cc: [email protected]; OAuth WG > Subject: Re: [OAUTH-WG] proposal for signatures > > On Fri, Jun 25, 2010 at 10:51 AM, Luke Shepard > <[email protected]> wrote: > >> What's the purpose of leaving out the key ID? > > It's one more field that developers have to learn and > configure and type in. > > We should keep the simple case simple, while allowing for > more complex > > cases. I think the fact that many providers now offer only > a single, > > shared secret is an indication that the key ID is not required. > > Are you arguing here that the key_id should be an optional > field, or that it should not be part of the specification at all? > > > On Jun 25, 2010, at 7:40 AM, Breno wrote: > > > > Key ids are an optimization in the case of rotating public > keys, but > > pretty much an operational requirement if you wish to support > > automatic rotation of shared keys. > > > > On Jun 23, 2010 2:56 AM, "Ben Laurie" <[email protected]> wrote: > > > > On 22 June 2010 21:45, David Recordon <[email protected]> wrote: > >> Hey Dick, in answering my quest... > > > > I don't understand why they are unnecessary no matter how keys are > > managed: if there's ever a possibility that you might have > more than > > one key for someone, then key IDs are a useful optimisation. > > > > Put it another way: what's the purpose of leaving out the key ID? > > > >> And yes, Applied Cryptography is worth reading. :) > >> > >> --David > >> > >> > >> On Tue, Jun 22, 2010 at 12:5... > > > > <ATT00001..txt> > > > > > > -- > Breno de Medeiros > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
