Thanks - I've revised the text to use your proposed wording in my editor's draft.
-----Original Message----- From: jose [mailto:[email protected]] On Behalf Of Hollenbeck, Scott Sent: Friday, April 04, 2014 5:52 PM To: [email protected] Cc: Kaliski, Burt Subject: [jose] WG Last Call Comments: draft-ietf-jose-json-web-signature-25 Section 8: "Whenever TLS is used, a TLS server certificate check MUST be performed, per RFC 6125 [RFC6125]." I can't find the string "certificate check" in RFC 6125. I *think* the intention here is that the identity of the service provider MUST be verified using the procedures described in Section 6 of RFC 6125. Proposed text: OLD: "a TLS server certificate check MUST be performed, per RFC 6125" NEW: "the identity of the service provider encoded in the TLS server certificate MUST be verified using the procedures described in Section 6 of RFC 6125" Scott and Burt _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
