FYI, the -32 and -26 drafts now use the terms Unsecured JWS and Unsecured
JWT.
-Original Message-
From: jose [mailto:jose-boun...@ietf.org] On Behalf Of Mike Jones
Sent: Friday, September 19, 2014 11:17 AM
To: Warren Kumari
Cc: sec...@ietf.org; Richard Barnes;
On Wed, Sep 17, 2014 at 12:40 PM, Mike Jones
michael.jo...@microsoft.com wrote:
Yes, this was already extensively discussed. It was covered in issue #36
http://trac.tools.ietf.org/wg/jose/trac/ticket/36 and the related working
group e-mail thread. It was also a topic during multiple interim
This was discussed in the thread
http://www.ietf.org/mail-archive/web/oauth/current/msg11315.html and prior to
that, as JOSE issue #17 http://trac.tools.ietf.org/wg/jose/trac/ticket/17.
-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Friday, September 19, 2014
On Tuesday, September 16, 2014, Richard Barnes r...@ipv.sx wrote:
I will re-iterate here my strong preference that an unsecured or
plaintext JWS object be syntactically distinct from a real JWS object.
E.g. by having two dot-separated components instead of three.
So, *I* was just grumping
Yes, this was already extensively discussed. It was covered in issue #36
http://trac.tools.ietf.org/wg/jose/trac/ticket/36 and the related working group
e-mail thread. It was also a topic during multiple interim working group
calls. As noted by Karen O’Donoghue (one of the chairs) in the
cc'ing JOSE on a minor JWT review comment that might impact JWS/JWA.
I agree that plaintext” is not the most intuitive wording choice and that
unsecured might better convey what's going on with the none JWS
algorithm.
Mike mentioned that, if this change is made in JWT, there are parallel
changes