Thank you On Mon, Aug 10, 2015 at 9:57 PM, Mike Jones <michael.jo...@microsoft.com> wrote:
> As discussed in the thread â[OAUTH-WG] JWT PoP Key Semantics WGLC followup > 2 (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT > okay?)â, I will update the draft to say that the symmetric key can be > carried in the âjwkâ element in an unencrypted form if the JWT is itself > encrypted. This will happen in -04. > > > > -- Mike > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Brian > Campbell > *Sent:* Sunday, March 22, 2015 11:41 PM > *To:* oauth > *Subject:* [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in > encrypted JWT okay? > > > > When the JWT is itself encrypted as a JWE, would it not be reasonable to > have a symmetric key be represented in the cnf claim with the jwk member as > an unencrypted JSON Web Key? > > Is such a possibility left as an exercise to the reader? Or should it be > more explicitly allowed or disallowed? > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
