Dude, I cleared on the 10th :)

On Tue, Oct 14, 2014 at 5:53 AM, Mike Jones <[email protected]> wrote:
> The proposed resolution below has been incorporated in the -28 draft.
> Hopefully you can clear your DISCUSS on that basis.
>
> Thanks again,
> -- Mike
>
> > -----Original Message-----
> > From: OAuth [mailto:[email protected]] On Behalf Of Mike Jones
> > Sent: Saturday, October 11, 2014 12:54 PM
> > To: Richard Barnes
> > Cc: [email protected]; oauth-[email protected]; The IESG; [email protected]
> > Subject: Re: [OAUTH-WG] Richard Barnes' Discuss on
> > draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> >
> > > From: Richard Barnes [mailto:[email protected]]
> > > Sent: Friday, October 10, 2014 2:37 PM
> > > To: Mike Jones
> > > Cc: The IESG; [email protected]; [email protected];
> > > [email protected]
> > > Subject: Re: [OAUTH-WG] Richard Barnes' Discuss on
> > > draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> > >
> > > On Mon, Oct 6, 2014 at 3:54 AM, Mike Jones <[email protected]> wrote:
> > > Thanks for your review, Richard. My responses are inline below...
> > >
> > > > -----Original Message-----
> > > > From: OAuth [mailto:[email protected]] On Behalf Of Richard Barnes
> > > > Sent: Wednesday, October 01, 2014 7:57 PM
> > > > To: The IESG
> > > > Cc: [email protected]; [email protected];
> > > > draft-ietf-oauth-json-web-[email protected]
> > > > Subject: [OAUTH-WG] Richard Barnes' Discuss on
> > > > draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> > > >
> > > > Richard Barnes has entered the following ballot position for
> > > > draft-ietf-oauth-json-web-token-27: Discuss
> > > >
> > > > When responding, please keep the subject line intact and reply to
> > > > all email addresses included in the To and CC lines. (Feel free to
> > > > cut this introductory paragraph, however.)
> > > >
> > > > Please refer to
> > > > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > > > for more information about IESG DISCUSS and COMMENT positions.
> > > >
> > > > The document, along with other ballot positions, can be found here:
> > > > http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/
> > > >
> > > > ----------------------------------------------------------------------
> > > > DISCUSS:
> > > > ----------------------------------------------------------------------
> > > >
> > > > Section 7.
> > > > In order to prevent confusion between secured and Unsecured JWTs,
> > > > the validation steps here need to call for the application to
> > > > specify which is required.
> > >
> > > Per my response on your JWS comments, this is already handled in a
> > > more general way in the JWS validation steps. Specifically, the last
> > > paragraph of Section 5.2 is:
> > >
> > > "Finally, note that it is an application decision which algorithms
> > > are acceptable in a given context. Even if a JWS can be successfully
> > > validated, unless the algorithm(s) used in the JWS are acceptable to
> > > the application, it SHOULD reject the JWS."
> > >
> > > I've cleared this DISCUSS in the interest of having this fight over
> > > in JWS thread. But I also added the following COMMENT:
> > > "It would be good for this document to pass on the note from JWS
> > > about selecting which algorithms are acceptable, and in particular,
> > > whether unsecured JWTs are acceptable."
> >
> > Thanks for clearing the DISCUSS. I'm fine repeating the note about
> > acceptable algorithms in the JWT spec, assuming others are.
> >
> > > I would therefore request that you likewise withdraw this DISCUSS
> > > on that basis.
> >
> > -- Mike
> >
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
>
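The point quoted above from JWS Section 5.2 (the application decides which algorithms are acceptable, including whether Unsecured JWTs are), shown as an added Python example that is not part of the thread or of the drafts. The function names, key and sample tokens are constructed for illustration, and only HS256 and "none" are implemented.

```python
import base64, hashlib, hmac, json

class RejectedJWT(Exception):
    """Raised when a token fails the application's policy or its integrity check."""

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def validate_jwt(token: str, key: bytes, acceptable_algs: frozenset) -> dict:
    """Return the claims only if the alg is on the caller's list and the token verifies."""
    parts = token.split(".")
    if len(parts) != 3:
        raise RejectedJWT("expected three dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:
        raise RejectedJWT("malformed segment") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Application policy: the caller's list decides, not the header alone.
    if not isinstance(alg, str) or alg not in acceptable_algs:
        raise RejectedJWT(f"alg {alg!r} is not acceptable to this application")
    if alg == "none":
        # Unsecured JWT: reachable only when the application opted in.
        if signature:
            raise RejectedJWT("Unsecured JWT must carry an empty signature")
    elif alg == "HS256":
        mac = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256)
        if not hmac.compare_digest(mac.digest(), signature):
            raise RejectedJWT("signature mismatch")
    else:
        raise RejectedJWT(f"alg {alg!r} is not implemented in this example")
    return claims

def make_token(header: dict, claims: dict, key: bytes = b"") -> str:
    """Build a constructed sample token (HS256-signed or unsecured)."""
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    signed = header["alg"] == "HS256"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if signed else b""
    return f"{signing_input}.{b64url_encode(sig)}"

# Constructed sample data, not taken from the thread or the drafts.
KEY = b"constructed-demo-key"
CLAIMS = {"iss": "issuer.example", "sub": "alice"}
SIGNED = make_token({"alg": "HS256", "typ": "JWT"}, CLAIMS, KEY)
UNSECURED = make_token({"alg": "none"}, CLAIMS)
```

With `acceptable_algs=frozenset({"HS256"})` the unsecured token is rejected before any signature logic runs; it is accepted only when the caller passes a set containing `"none"`.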
