Thanks David and Brian.
Unless there are any concerns with adopting the alternative text, I would
suggest the following for the errata in section 7.2 bullet 5:
Original Text
-------------
5. Verify that the resulting JOSE Header includes only parameters
and values whose syntax and semantics are both understood and
supported or that are specified as being ignored when not
understood.
Corrected Text
--------------
5. Verify the resulting JOSE Header according to RFC7515 or RFC7516.
Cheers
Pieter
From: David Waite <[email protected]>
Sent: Monday 5 August 2024 22:43
To: Pieter Kasselman <[email protected]>
Cc: Paul Wouters <[email protected]>; RFC Errata System
<[email protected]>; [email protected]; [email protected]
Subject: [OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)
On Aug 5, 2024, at 1:52 PM, Pieter Kasselman
<[email protected]<mailto:[email protected]>>
wrote:
I tried to keep the changes to additional text that would scope the processing
rules more precisely for the JWT/JWS/JWE cases (point 7 in the processing steps
references JWS and JWE separately, so thought I would propose text that does
something similar to that). The idea of additional text is that a reader who is
familiar may find it easier to process the delta.
However, if we want to change the text, I like your second option:
"Verify the resulting JOSE Header according to RFC7515 or RFC7516."
I don’t think we should delete the bullet completely.
Cheers
Pieter
I prefer this over the current text, which might be incorrectly construed to
provide counter guidance to the “crit” protected header parameter.
-DW
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
