I'd say this one->* any "enc" key published by the AS on its jwks_uri?
On Thu, Jul 25, 2019 at 3:50 PM Танги Ле Пенс <tangui.lepense= 40mail...@dmarc.ietf.org> wrote: > Dear all, > > draft-ietf-oauth-jwsreq-19 gives guidance on which key use to verify a > JWS' signature (the client's key) > (https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-19#section-6.2). > > However there no such guidance for JWE encryption: > > * any "enc" key published by the AS on its jwks_uri? > > * one specific key of the ones listed at the server's jwks_uri? If so, > how to indicate which one in particular? > > * out-of-band configuration? > > And should it be part of the specification? > > Regards, > > -- > > Tangui > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
