Also be careful about your assumptions about the tokens themselves. While RFC 8555 makes requirements about base64url encoded token values, RFC 8823 does not make any requirements about the content of the "token-part2" text value.

Yes, I was misguided by the example. This is a strong argument for a plain string concatenation.

From my reading, the RFC 8823 requirement text is sufficient to explain this, but having an example of the pre-digest Key Authorization value would be helpful to clarify this. The example currently includes only the Key Authorization digest but not the intermediate concatenated value.

I agree. An example would be helpful to leave no room for interpretation.

Thank you for your help!

Best,
Richard Körber

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
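
The pre-digest value discussed in this message, as an added example that is not part of the original e-mail or of RFC 8823: the two token parts are joined as plain text before the RFC 8555 key authorization is formed, and the decode-then-join reading gives a different digest. The token values and the thumbprint string are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample values, far shorter than real tokens.
TOKEN_PART1 = "Zm9vYg"
TOKEN_PART2 = "YmFy"
# Placeholder standing in for base64url(JWK thumbprint of the account key).
THUMBPRINT = "constructed-thumbprint-placeholder"


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as ACME uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def key_authorization(part1: str, part2: str, thumbprint: str) -> str:
    """Pre-digest value: parts joined as plain strings, then '.' and thumbprint."""
    return part1 + part2 + "." + thumbprint


def key_authorization_digest(part1: str, part2: str, thumbprint: str) -> str:
    """base64url(SHA-256(key authorization)), the value sent in the response."""
    ka = key_authorization(part1, part2, thumbprint)
    return b64url(hashlib.sha256(ka.encode("utf-8")).digest())


def decode_then_join(part1: str, part2: str) -> str:
    """The misreading: decode both parts, join the bytes, re-encode."""
    def dec(s: str) -> bytes:
        return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    return b64url(dec(part1) + dec(part2))


def misread_digest(part1: str, part2: str, thumbprint: str) -> str:
    """Digest a client would send if it joined decoded bytes instead of text."""
    ka = decode_then_join(part1, part2) + "." + thumbprint
    return b64url(hashlib.sha256(ka.encode("utf-8")).digest())


if __name__ == "__main__":
    print("plain join  :", key_authorization(TOKEN_PART1, TOKEN_PART2, THUMBPRINT))
    print("decoded join:", decode_then_join(TOKEN_PART1, TOKEN_PART2) + "." + THUMBPRINT)
    print("digest      :", key_authorization_digest(TOKEN_PART1, TOKEN_PART2, THUMBPRINT))
    print("misread     :", misread_digest(TOKEN_PART1, TOKEN_PART2, THUMBPRINT))
```

The two readings agree only when the first part's length happens to be a multiple of four characters, which is why a mismatch can go unnoticed with some test tokens.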
