Thanks Ludwig, -31 is improved with regard to my previous concerns about 'exi'
On Sat, Jan 18, 2020 at 9:22 AM Ludwig Seitz <ludwig_se...@gmx.de> wrote: > On 2020-01-13 22:01, Brian Campbell wrote: > > Thanks for the updates Lugwig, > > > > Section 6.6. does propose one mitigation for the unbounded memory growth > > problem. However, it relies on the AS to do pretty specific things with > > the content of other claims for it to even be possible for an RS to > > perform the mitigation approach. Do you think, for interoperability, it > > needs to be more prescriptive? Like maybe requiring the cti/jti claim > > with specific content and characteristics when exi is present or > > embedding/encoding that sequence number in the value of the exi itself > > alongside the lifetime of the token. > > > > > > This sounds like a reasonable requirement. I'm even inclined to make > that a MUST and not just a SHALL. Next update coming soon. > > /Ludwig > > > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace