I am of the opinion that the existing text is fine and doesn't need further prose that links to the individual, albeit legitimate at the time (but not really...), use cases.
S pozdravem, *Filip Skokan* On Wed, 30 Jul 2025 at 21:30, Michael Jones <[email protected]> wrote: > The use cases that I’m asking to have added for reference are about “alg”: > “none”, so readers will know why it exists and how it is used – not > “RSA1_5”. I agree with Brian that the text describing “RSA1_5” is already > fine. > > > > -- Mike > > > > *From:* Brian Campbell <[email protected]> > *Sent:* Wednesday, July 30, 2025 11:02 AM > *To:* Neil Madden <[email protected]> > *Cc:* Michael Jones <[email protected]>; [email protected]; > [email protected] > *Subject:* Re: [jose] Re: Review of > draft-ietf-jose-deprecate-none-rsa15-02 > > > > > > On Wed, Jul 30, 2025 at 2:53 AM Neil Madden <[email protected]> > wrote: > > *1.1. > <https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#section-1.1>The > 'none' algorithm > <https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#name-the-none-algorithm>: > *After the sentence beginning “Although there are some legitimate > use-cases for Unsecured JWS”, I suggest adding this text: > > One of the legitimate use cases for Unsecured JWSs is OpenID Connect ID > Tokens secured by sending them over a TLS connection, as described in > Section 2 of [OpenID.Core]. Another legitimate use is unsigned request > objects, as described in Section 6.1 of [OpenID.Core]. > > > > I’m open to adding something along these lines. I’ll raise a PR. > > > > I thought the text in > https://www.ietf.org/archive/id/draft-ietf-jose-deprecate-none-rsa15-02.html#section-1.1-4 > provies pretty good and even-handed treatment as is. I think it'd be a > mistake to list specific cases in the text here. > > > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
