On Fri, Jun 25, 2010 at 10:51 AM, Luke Shepard <lshep...@facebook.com> wrote: >> What's the purpose of leaving out the key ID? > It's one more field that developers have to learn and configure and type in. > We should keep the simple case simple, while allowing for more complex > cases. I think the fact that many providers now offer only a single, shared > secret is an indication that the key ID is not required.
Are you arguing here that the key_id should be an optional field, or that it should not be part of the specification at all? > On Jun 25, 2010, at 7:40 AM, Breno wrote: > > Key ids are an optimization in the case of rotating public keys, but pretty > much an operational requirement if you wish to support automatic rotation of > shared keys. > > On Jun 23, 2010 2:56 AM, "Ben Laurie" <b...@google.com> wrote: > > On 22 June 2010 21:45, David Recordon <record...@gmail.com> wrote: >> Hey Dick, in answering my quest... > > I don't understand why they are unnecessary no matter how keys are > managed: if there's ever a possibility that you might have more than > one key for someone, then key IDs are a useful optimisation. > > Put it another way: what's the purpose of leaving out the key ID? > >> And yes, Applied Cryptography is worth reading. :) >> >> --David >> >> >> On Tue, Jun 22, 2010 at 12:5... > > <ATT00001..txt> > -- Breno de Medeiros _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
