OK > On Aug 11, 2015, at 12:57 AM, Mike Jones <[email protected]> wrote: > > As discussed in the thread â[OAUTH-WG] JWT PoP Key Semantics WGLC followup 2 > (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)â, > I will update the draft to say that the symmetric key can be carried in the > âjwkâ element in an unencrypted form if the JWT is itself encrypted. This > will happen in -04. > > -- Mike > > From: OAuth [mailto:[email protected]] On Behalf Of Brian Campbell > Sent: Sunday, March 22, 2015 11:41 PM > To: oauth > Subject: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted > JWT okay? > > When the JWT is itself encrypted as a JWE, would it not be reasonable to have > a symmetric key be represented in the cnf claim with the jwk member as an > unencrypted JSON Web Key? > > Is such a possibility left as an exercise to the reader? Or should it be more > explicitly allowed or disallowed? > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
