I’ve gone through all the review feedback and agree with most of it. There’s
only two of the comments that I have issues with.
I disagree with the suggestion (tracked in
https://github.com/erwah/ietf/issues/37) about claims that must be understood.
We shouldn’t force implementations to unders
Thanks for confirming this, Jim. Since that’s the case, I’m fine with us going
with requiring tags for the inner nested CWTs and dropping the use of the CWT
content-type for this purpose.
-- Mike
From: Jim Schaad [mailto:i...@augu
It is correct that the tag can be added and subtracted at will w/o changing
anything.
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Monday, May 15, 2017 2:17 PM
To: Samuel Erdtman ; Jim Schaad
Cc: ace
Subject: RE: [Ace] WGLC on draft-ietf-ace-cbor-web-token
I agree t
I'd say use a tag unless there is information from the context, such as a media
type or coap content format.
Sent from mobile
> On 15. May 2017, at 11:22, Samuel Erdtman wrote:
>
> Thanks for clarifications Jim, see my comments inline.
>
> Mike, there is a question for you inlined too.
>
>>
I agree that for nested CWTs, it’s OK to mandate that the appropriate tags be
prefixed to the inner CWT, if that’s the mechanism we decide to use to encode
and detect nested JWTs. That would then raise the question though, of whether
we also would continue to mandate the use of the CWT content-
Thanks for clarifications Jim, see my comments inline.
Mike, there is a question for you inlined too.
On Sun, May 14, 2017 at 10:12 PM, Jim Schaad wrote:
>
>
>
>
> *From:* Samuel Erdtman [mailto:sam...@erdtman.se]
> *Sent:* Sunday, May 14, 2017 3:40 AM
> *To:* Jim Schaad
> *Cc:* ace
> *Subjec
In short this draft focuses on the C to AS connection and
draft-gerdes-ace-dtls-authorize focuses on the C to RS connection.
This draft details on how to use RPK or PSK as client credentials to setup
the (D)TLS between C and AS while draft-gerdes-ace-dtls-authorize provides
details for how to use