It's optional to sign lots of content. For instance, OpenID Connect requests
can be signed or unsigned, depending upon the security properties desired.
"alg":"none" is used for such unsigned requests.
-- Mike
From: [email protected] [mailto:[email protected]] On Behalf Of Richard
Barnes
Sent: Wednesday, July 31, 2013 5:46 AM
To: [email protected]
Subject: [jose] Signature algorithm "none"
What's the use case for this? Can we delete it?
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
