On Fri, Mar 31, 2017 at 11:46 AM, Nathaniel McCallum <[email protected]> wrote:
> On Thu, Mar 30, 2017 at 1:52 PM, Paragon Initiative Enterprises
> Security Team <[email protected]> wrote:
> (SNIP)
>
> Yes, it would be nice if the standard was less fragile in this area.
> But you're asking for a major change to an existing standard after it
> is published and many interoperable implementations exist. You have to
> realize this is a (very) hard sell.
>

The alternative is to tell people don't use JOSE, it's a bad standard
<https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid>
and design a superior alternative to recommend instead. One that has
actually been vetted by cryptography experts.

Given only those two options, which would you rather see?

Security Team
Paragon Initiative Enterprises <https://paragonie.com/security>
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
