Yes, kid could do it. It just seemed less than ideal and that, for
confirmation, it might be useful to explicitly say "this is the thumbprint
of the key that'll confirm this JWT" rather than "here's something that
points to a key for confirmation and in some cases it might be a
thumbprint".

But I just wanted to ask the question to gauge interest. And it seems
there's not much. It could be added later too, if more need for it arises.

On Mon, Mar 23, 2015 at 1:55 PM, Nat Sakimura <sakim...@gmail.com> wrote:

> ok, this is a full circle to my original comment "Would not kid do? "
> Mon, Mar 23, 2015 13:52 Brian Campbell <bcampb...@pingidentity.com>:
>
>> I wasn't necessarily suggesting to drop the kid one.
>>
>> On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura <sakim...@gmail.com> wrote:
>>
>>> +1 for dropping kid in favor of thumbprint.
>>> Mon, Mar 23, 2015 12:56 Brian Campbell <bcampb...@pingidentity.com>:
>>>
>>>> Yeah, it could be done with kid. But that would require a bit more
>>>> out-of-band understanding between the parties to know that the kid is, in
>>>> fact, a thumbprint. Seems like it'd be better to outright support a
>>>> thumbprint rather than overloading kid, if thumbprint representation of the
>>>> key for confirmation is desirable.
>>>>
>>>> And yes, a thumbprint does have some nice properties. But I am also
>>>> very sympathetic to the "too many ways is not good for interop" point.
>>>> That's kind of why I asked what others thought of it rather than just
>>>> making a suggestion. I'm not sure one way or the other myself.
>>>>
>>>> On Mon, Mar 23, 2015 at 2:11 AM, Nat Sakimura <sakim...@gmail.com> wrote:
>>>>
>>>>> Would not kid do?
>>>>> Right, thumbprint has more semantics and has nice properties, but
>>>>> having too many ways is not good for interop.
>>>>>
>>>>> Nat
>>>>>
>>>>> 2015-03-23 15:40 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>:
>>>>>
>>>>>> Do folks in the WG think there'd be utility in having a way to
>>>>>> identify the finger/thumbprint of a key in the cnf claim? A presenter
>>>>>> might, for example, present the JWT along with a public JWK and some
>>>>>> proof-of-possession of that JWK.  And the JWK would be bound to the JWT
>>>>>> via the thumbprint, which is more space efficient (with respect to the
>>>>>> JWT anyway) than the full JWK.
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nat Sakimura (=nat)
>>>>> Chairman, OpenID Foundation
>>>>> http://nat.sakimura.org/
>>>>> @_nat_en
>>>>>
>>>>
>>>>
>>
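Added example, not part of the original thread or of any draft text: one way a recipient could check the binding described above, computing the JWK SHA-256 thumbprint as in RFC 7638 and comparing it with a thumbprint carried in cnf. The member name `jkt`, the function names and the sample key values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Members that define each key type (RFC 7638); kid, alg, use and other
# metadata are left out of the hash input.
REQUIRED = {"EC": ("crv", "kty", "x", "y"),
            "RSA": ("e", "kty", "n"),
            "oct": ("k", "kty")}

# Constructed sample key: placeholder strings, not real curve coordinates.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed-x-coordinate",
              "y": "constructed-y-coordinate"}


def jwk_thumbprint(jwk):
    """Base64url (unpadded) SHA-256 thumbprint of a JWK, per RFC 7638."""
    names = REQUIRED[jwk["kty"]]  # KeyError for an unsupported kty
    canonical = json.dumps({n: jwk[n] for n in names},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_confirms(cnf, presented_jwk):
    """True only if the presented JWK hashes to the thumbprint in cnf.

    "jkt" is an assumed member name; the thread does not settle on one.
    """
    expected = cnf.get("jkt")
    if not isinstance(expected, str):
        return False  # no thumbprint present: fail closed
    try:
        actual = jwk_thumbprint(presented_jwk)
    except (KeyError, TypeError):
        return False  # malformed or unsupported key
    return hmac.compare_digest(expected.encode("utf-8"),
                               actual.encode("utf-8"))


if __name__ == "__main__":
    cnf = {"jkt": jwk_thumbprint(SAMPLE_JWK)}
    relabelled = dict(SAMPLE_JWK, kid="any-label")  # same key, new kid
    swapped = dict(SAMPLE_JWK, x="another-x", kid="any-label")
    print(cnf["jkt"], key_confirms(cnf, relabelled), key_confirms(cnf, swapped))
```

Because the thumbprint is derived from the key material alone, the recipient needs no out-of-band agreement about what the value means, whereas a kid carrying the same string would match whatever key the presenter chose to label with it.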