On Oct 6, 2014, at 3:54 AM, Mike Jones <[email protected]> wrote: > Sometimes authenticated encryption alone is good enough without requiring a > signature. Different applications will have different requirements. So > while this section discussion the applicable considerations, the working > group felt that it was going too far to make this prescriptive.
But if you don't need to sign the message, why sign it? _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
