Yes, I think that is reasonable. There is no point to double encrypting the key.


> On Jul 30, 2015, at 4:57 PM, Mike Jones <[email protected]> wrote:
> 
> I’m fine updating the draft to say that the symmetric key can be carried in 
> the “jwk” element in an unencrypted form if the JWT is itself encrypted.  
> That’s what you’re looking for, right?
>  
>                                                                 -- Mike
>  
> From: OAuth [mailto:[email protected]] On Behalf Of John Bradley
> Sent: Thursday, July 30, 2015 11:29 AM
> To: Brian Campbell <[email protected]>
> Cc: oauth <[email protected]>
> Subject: Re: [OAUTH-WG] JWT PoP Key Semantics WGLC followup 2 (was Re: 
> proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)
>  
> Yes, encrypting the claim should only be required when the entire JWT is not 
> encrypted. I will have a look.
>  
> John B.
>  
> On Jul 30, 2015, at 3:12 PM, Brian Campbell <[email protected] 
> <mailto:[email protected]>> wrote:
>  
> I raised the below question during the WGLC back in March but never got any 
> response.
> 
> JWE does add nontrivial size overhead to the message and in the case that a 
> JWT containing a symmetric confirmation key is already a JWE, the spec would 
> seem to require two layers of encryption and the associated overhead 
> that comes with it - even though the key is already encrypted by the outer 
> JWE layer. 
> 
> I believe the draft should speak to how a symmetric key can be represented as a 
> claim in the clear when the encryption of it is provided by the JWE/JWT that 
> contains it.
>  
>  
> On Mon, Mar 23, 2015 at 12:40 AM, Brian Campbell <[email protected] 
> <mailto:[email protected]>> wrote:
> When the JWT is itself encrypted as a JWE, would it not be reasonable to have 
> a symmetric key be represented in the cnf claim with the jwk member as an 
> unencrypted JSON Web Key? 
> 
> Is such a possibility left as an exercise to the reader? Or should it be more 
> explicitly allowed or disallowed? 
> 
> 
>  
> _______________________________________________
> OAuth mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/oauth 
> <https://www.ietf.org/mailman/listinfo/oauth>
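
The rule this thread converges on, as an added example (not code from the draft or from any poster): a recipient-side check that accepts a symmetric (`oct`) key in the clear in the `cnf` claim's `jwk` member only when the JWT itself arrived as a JWE. Function names, result strings and the sample tokens are constructed for illustration; the `jwe` member of `cnf` is the encrypted-key form defined in RFC 7800, and the check assumes the caller has already verified and/or decrypted the token to obtain its claims.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def is_jwe(compact_token: str) -> bool:
    """A compact JWE has five segments and an "enc" header; a JWS has three."""
    parts = compact_token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    return len(parts) == 5 and "enc" in header


def check_cnf(compact_token: str, claims: dict) -> str:
    """Say how the confirmation key is carried, or raise ValueError.

    `compact_token` is the JWT as received on the wire; `claims` is the
    claim set the caller obtained after verifying/decrypting it.
    """
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        raise ValueError("no cnf claim")
    if "jwe" in cnf:
        return "encrypted-key"  # key is wrapped in its own JWE
    jwk = cnf.get("jwk")
    if not isinstance(jwk, dict):
        raise ValueError("cnf has neither jwk nor jwe")
    if jwk.get("kty") != "oct":
        return "public-key"  # asymmetric key, nothing secret to protect
    if not is_jwe(compact_token):
        raise ValueError("symmetric key in the clear in an unencrypted JWT")
    return "symmetric-key-in-encrypted-jwt"


def _seg(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples: dummy key, signature and ciphertext segments.
OCT_CLAIMS = {"iss": "https://as.example",
              "cnf": {"jwk": {"kty": "oct", "k": "Y29uc3RydWN0ZWQta2V5"}}}
JWS_TOKEN = ".".join([_seg({"alg": "ES256"}), _seg(OCT_CLAIMS), "c2ln"])
JWE_TOKEN = ".".join([_seg({"alg": "RSA-OAEP", "enc": "A128GCM"}),
                      "a2V5", "aXY", "Y3Q", "dGFn"])

if __name__ == "__main__":
    print(check_cnf(JWE_TOKEN, OCT_CLAIMS))
```
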