I wasn't necessarily suggesting to drop the kid one. On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura <sakim...@gmail.com> wrote:
> +1 for dropping kid in favor of thumbprint. > 2015年3月23日(月) 12:56 Brian Campbell <bcampb...@pingidentity.com>: > > Yeah, it could be done with kid. But that would require a bit more >> out-of-band understanding between the parties to know that the kid is, in >> fact, a thumbprint. Seems like it'd be better to outright support a >> thumbprint rather than overloading kid, if thumbprint representation of the >> key for confirmation is desirable. >> >> And yes, a thumbprint does have some nice properties. But I am also very >> sympathetic to the "too many ways is not good for interop" point. That's >> kind of why I asked what others thought of it rather than just making a >> suggestion. I'm not sure one way or the other myself. >> >> On Mon, Mar 23, 2015 at 2:11 AM, Nat Sakimura <sakim...@gmail.com> wrote: >> >>> Would not kid do? >>> Right, thumbprint has more semantics and has nice properties, but having >>> too many ways is not good for interop. >>> >>> Nat >>> >>> 2015-03-23 15:40 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>: >>> >>>> Do folks in the WG think there'd be utility in having a way to identity >>>> the finger/thumbprint of a key in the cnf claim. A presenter might, for >>>> example, present the JWT along with a public JWK and some >>>> proof-of-possession of that JWK. And the JWK would be bound to the JWT via >>>> the thumbprint, which is more space efficient (with respect to the JWT >>>> anyway) than the full JWK. >>>> >>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>>> >>> >>> >>> -- >>> Nat Sakimura (=nat) >>> Chairman, OpenID Foundation >>> http://nat.sakimura.org/ >>> @_nat_en >>> >> >>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
