As discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC followup 2
(was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)”, I
will update the draft to say that the symmetric key can be carried in the “jwk”
element in an unencrypted form if the JWT is itself encrypted. This will
happen in -04.
-- Mike
From: OAuth [mailto:[email protected]] On Behalf Of Brian Campbell
Sent: Sunday, March 22, 2015 11:41 PM
To: oauth
Subject: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT
okay?
When the JWT is itself encrypted as a JWE, would it not be reasonable to have a
symmetric key be represented in the cnf claim with the jwk member as an
unencrypted JSON Web Key?
Is such a possibility left as an exercise to the reader? Or should it be more
explicitly allowed or disallowed?
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
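
The rule discussed in this thread, written as a receiver-side check. This is an added example, not text from the draft or code from either poster. It assumes the caller has already decrypted and verified the token and passes in the resulting claims; the function names, policy strings and sample tokens are constructed for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _header(compact: str) -> dict:
    seg = compact.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def is_jwe_compact(compact: str) -> bool:
    # JWE compact serialization has five parts and an "enc" header parameter;
    # a signed-only JWS has three parts and no "enc".
    return compact.count(".") == 4 and "enc" in _header(compact)

def has_plain_symmetric_cnf_jwk(claims: dict) -> bool:
    # True when cnf.jwk is an "oct" key whose secret value "k" is present.
    cnf = claims.get("cnf")
    jwk = cnf.get("jwk") if isinstance(cnf, dict) else None
    return isinstance(jwk, dict) and jwk.get("kty") == "oct" and "k" in jwk

def pop_key_policy(wire_token: str, claims: dict) -> str:
    """wire_token: the JWT as received; claims: its claims set, obtained by
    the caller after decryption and verification (assumed, not done here)."""
    if not has_plain_symmetric_cnf_jwk(claims):
        return "ok: no plain symmetric key in cnf.jwk"
    if is_jwe_compact(wire_token):
        return "ok: symmetric cnf.jwk protected by JWT encryption"
    return "reject: symmetric cnf.jwk exposed in unencrypted JWT"

# Constructed sample data: opaque placeholder segments, not real crypto output.
CLAIMS = {"iss": "https://as.example",
          "cnf": {"jwk": {"kty": "oct", "k": _b64url(b"constructed-demo-key")}}}
PUBLIC_CLAIMS = {"cnf": {"jwk": {"kty": "EC", "crv": "P-256",
                                 "x": "constructed", "y": "constructed"}}}
JWS_TOKEN = ".".join([_b64url(json.dumps({"alg": "HS256"}).encode()),
                      _b64url(json.dumps(CLAIMS).encode()),
                      _b64url(b"sig")])
# alg "dir" means the encrypted-key segment is empty.
JWE_TOKEN = ".".join([_b64url(json.dumps({"alg": "dir", "enc": "A128GCM"}).encode()),
                      "", _b64url(b"iv"), _b64url(b"ciphertext"), _b64url(b"tag")])

if __name__ == "__main__":
    print(pop_key_policy(JWS_TOKEN, CLAIMS))         # signed only: rejected
    print(pop_key_policy(JWE_TOKEN, CLAIMS))         # encrypted JWT: accepted
    print(pop_key_policy(JWS_TOKEN, PUBLIC_CLAIMS))  # public key: accepted
```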