It says, "The asymmetric key mechanism described above is conceptually similar to a certificate." near the end of https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-1
That kinda jumped out at me. I mean, I kinda see the point but it also seems like a pretty broad statement and potentially one that could be interpreted in unfavorable or unintended ways. Perhaps it should be left out? Otherwise maybe elaborate a bit on what is and what isn't similar to a certificate?
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth