Hi!
I conducted an AD review of draft-ietf-oauth-jwk-thumbprint-uri-01. Thanks for
the work on this document. I have the following feedback which can be addressed
with other IETF Last Call reviews.
** Section 4. Editorial clarification on which field from the registry to use
and error handling is below:
OLD
Hash algorithm identifiers used in JWK Thumbprint URIs are strings
registered in the IANA "Named Information Hash Algorithm Registry"
[IANA.Hash.Algorithms].
NEW
Hash algorithm identifiers used in JWK Thumbprint URIs MUST be values from the
"Hash Name String" column in the IANA "Named Information Hash Algorithm
Registry" [IANA.Hash.Algorithms]. JWK Thumbprint URIs with hash algorithm
strings not found in this registry are considered invalid and the application
using these thumbprints will need to define an appropriate error handling
mechanism.
** From idnits:
== The document doesn't use any RFC 2119 keywords, yet seems to have RFC
2119 boilerplate text.
If the above isn't adopted, drop Section 2 since it doesn't appear to be needed.
Regards,
Roman
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
