Thank you, both! I'm glad to see this one resolved. FYI - I'll be at the Grace Hopper Celebration through Friday evening and may be slow to respond, but will be following along.
On Tue, Oct 7, 2014 at 9:06 PM, Mike Jones <[email protected]> wrote: > > -----Original Message----- > > From: Ted Lemon [mailto:[email protected]] > > Sent: Tuesday, October 07, 2014 10:30 AM > > To: John Bradley > > Cc: The IESG; Mike Jones; [email protected] > ; > > [email protected]; [email protected] > > Subject: Re: Ted Lemon's No Objection on > draft-ietf-oauth-json-web-token-27: > > (with COMMENT) > > > > On Oct 7, 2014, at 1:14 PM, John Bradley <[email protected]> wrote: > > > Encrypting and then signing is likely only a special case used by some > > applications that are configured to understand what is going on. > > > > This isn't really responsive to what I said. As I said, I'm just > asking you to be > > consistent, not to change the requirements. I don't think that text in > the > > security considerations section addresses the inconsistency I'm talking > about in a > > different section. That said, please don't continue to talk to me > about this. If > > you think there's an action to take, take it. If not, no need to > continue trying to > > explain. I'm okay with it either way. > > I'll plan to take the action described yesterday that you said you were OK > with - adding language about "If both signing and encryption are necessary" > in order to make the context of this advice clear. I believe that that > will improve the understanding of this guidance by many readers. > > Thanks again for the discussion, Ted. > > -- Mike > > -- Best regards, Kathleen
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
