+1 for optional
> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] > On Behalf Of Breno > Sent: Friday, June 25, 2010 11:02 AM > To: Luke Shepard > Cc: hannes.tschofe...@gmx.net; OAuth WG > Subject: Re: [OAUTH-WG] proposal for signatures > > On Fri, Jun 25, 2010 at 10:51 AM, Luke Shepard > <lshep...@facebook.com> wrote: > >> What's the purpose of leaving out the key ID? > > It's one more field that developers have to learn and > configure and type in. > > We should keep the simple case simple, while allowing for > more complex > > cases. I think the fact that many providers now offer only > a single, > > shared secret is an indication that the key ID is not required. > > Are you arguing here that the key_id should be an optional > field, or that it should not be part of the specification at all? > > > On Jun 25, 2010, at 7:40 AM, Breno wrote: > > > > Key ids are an optimization in the case of rotating public > keys, but > > pretty much an operational requirement if you wish to support > > automatic rotation of shared keys. > > > > On Jun 23, 2010 2:56 AM, "Ben Laurie" <b...@google.com> wrote: > > > > On 22 June 2010 21:45, David Recordon <record...@gmail.com> wrote: > >> Hey Dick, in answering my quest... > > > > I don't understand why they are unnecessary no matter how keys are > > managed: if there's ever a possibility that you might have > more than > > one key for someone, then key IDs are a useful optimisation. > > > > Put it another way: what's the purpose of leaving out the key ID? > > > >> And yes, Applied Cryptography is worth reading. :) > >> > >> --David > >> > >> > >> On Tue, Jun 22, 2010 at 12:5... > > > > <ATT00001..txt> > > > > > > -- > Breno de Medeiros > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
