subject:"\[OAUTH\-WG\] Nesting Signatures and Encryption JWT Tokens"

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread John Bradley

: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens https://tools.ietf.org/html/rfc7519#section-11.2 https://tools.ietf.org/html/rfc7519#section-11.2 It is in the JWT spec. You can do it both ways however you really need a good reason not to sign then encrypt

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread Brian Campbell

:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *John Bradley *Sent:* Friday, July 17, 2015 7:45 AM *To:* Malla Simhachalam mallasimhacha...@gmail.com *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens https://tools.ietf.org/html/rfc7519#section

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread Nat Sakimura

Subject: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens https://tools.ietf.org/html/rfc7519#section-11.2 It is in the JWT spec. You can do it both ways however you really need a good reason not to sign then encrypt, and then after you have a good reason you should still sign

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread Mike Jones

...@gmail.commailto:mallasimhacha...@gmail.com Cc: oauth@ietf.orgmailto:oauth@ietf.org Subject: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens https://tools.ietf.org/html/rfc7519#section-11.2https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2frfc7519%23section-11.2data=01%7c01

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread Justin Richer

, -- Mike From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Friday, July 17, 2015 7:02 AM To: Brian Campbell Cc: oauth Subject: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens They provide integrity protection for the encryption

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread Mike Jones

That’s what test vectors and interop testing are for! From: Justin Richer [mailto:jric...@mit.edu] Sent: Friday, July 17, 2015 10:38 AM To: Mike Jones Cc: John Bradley; Brian Campbell; oauth@ietf.org Subject: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens Unless you’re implementing

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-17 Thread John Bradley

. Cheers, -- Mike From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Friday, July 17, 2015 7:02 AM To: Brian Campbell Cc: oauth Subject: Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-16 Thread John Bradley

https://tools.ietf.org/html/rfc7519#section-11.2 https://tools.ietf.org/html/rfc7519#section-11.2 It is in the JWT spec. You can do it both ways however you really need a good reason not to sign then encrypt, and then after you have a good reason you should still sign then encrypt because

[OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

2015-07-16 Thread Malla Simhachalam

Hi, I am looking at the spec https://datatracker.ietf.org/doc/rfc7520/?include_text=1 for combining JWS and JWE use case, I could not find it obvious that a JSON document should be signed first and then encrypt or other way around.Are there any recommendations one over the other? Thanks for

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

[OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

9 matches

Site Navigation

Mail list logo

Footer information