You’re welcome. Thanks, as always, for the useful feedback that improved the specification.
From: Brian Campbell [mailto:[email protected]] Sent: Monday, August 31, 2015 1:47 PM To: Mike Jones Cc: oauth Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay? Thank you On Fri, Aug 28, 2015 at 7:04 PM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: This was added at the end of Section 3.2 in -04<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-ietf-oauth-proof-of-possession-04&data=01%7c01%7cMichael.Jones%40microsoft.com%7c8fc6894cabb2401f16d108d2b24568c4%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ziYwMBX86u%2bC97p3VONieq8E%2bYNhXEEUVYcH2cn12nc%3d>. Thanks again for the practical feedback, Brian! -- Mike From: John Bradley [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, August 11, 2015 4:05 PM To: Mike Jones Cc: Brian Campbell; oauth Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay? OK On Aug 11, 2015, at 12:57 AM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: As discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC followup 2 (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)”, I will update the draft to say that the symmetric key can be carried in the “jwk” element in an unencrypted form if the JWT is itself encrypted. This will happen in -04. -- Mike From: OAuth [mailto:[email protected]] On Behalf Of Brian Campbell Sent: Sunday, March 22, 2015 11:41 PM To: oauth Subject: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay? When the JWT is itself encrypted as a JWE, would it not be reasonable to have a symmetric key be represented in the cnf claim with the jwk member as an unencrypted JSON Web Key? Is such a possibility left as an exercise to the reader? Or should it be more explicitly allowed or disallowed? _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c8fc6894cabb2401f16d108d2b24568c4%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ybBu1UvIY329rAf0U%2fF165BzKHKaXOqzGmf2B1FiZO4%3d>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
