Thank you On Fri, Aug 28, 2015 at 7:04 PM, Mike Jones <michael.jo...@microsoft.com> wrote:
> This was added at the end of Section 3.2 in -04 > <http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04>. > Thanks again for the practical feedback, Brian! > > > > -- Mike > > > > *From:* John Bradley [mailto:ve7...@ve7jtb.com] > *Sent:* Tuesday, August 11, 2015 4:05 PM > *To:* Mike Jones > *Cc:* Brian Campbell; oauth > *Subject:* Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in > encrypted JWT okay? > > > > OK > > On Aug 11, 2015, at 12:57 AM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > > > As discussed in the thread â[OAUTH-WG] JWT PoP Key Semantics WGLC followup > 2 (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT > okay?)â, I will update the draft to say that the symmetric key can be > carried in the âjwkâ element in an unencrypted form if the JWT is itself > encrypted. This will happen in -04. > > > > -- Mike > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org <oauth-boun...@ietf.org>] *On > Behalf Of *Brian Campbell > *Sent:* Sunday, March 22, 2015 11:41 PM > *To:* oauth > *Subject:* [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in > encrypted JWT okay? > > > > When the JWT is itself encrypted as a JWE, would it not be reasonable to > have a symmetric key be represented in the cnf claim with the jwk member as > an unencrypted JSON Web Key? > > Is such a possibility left as an exercise to the reader? Or should it be > more explicitly allowed or disallowed? > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
