On Aug 4, 2011, at 8:52 AM, Eric Rescorla wrote: > IMO, symmetric integrity protection is a useful primitive, and it's > already part of the > JWT spec. I think all that's required here in the charter is to > wordsmith it to separate > out symmetric from asymmetric integrity algorithms,
Current: 1) A Standards Track document specifying how to apply a JSON-structured digital signature to data, including (but not limited to) JSON data structures. "Digital signature" is defined as a hash operation followed by a signature operation using asymmetric keys. It sounds like you would prefer something like: 1) A Standards Track document specifying how to apply integrity protection to data, including (but not limited to) JSON data structures. This integrity protection can be achieved with both symmetric and asymmetric algorithms. Is that right? --Paul Hoffman _______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
