> obviously we can't use any sensitive keys with these

That's not true at all; public clients can use keys that they create
themselves or that are issued to a particular instance. That's one of the
reasons we are giving a name to this type of client in OAuth 2.1, a
"credentialed" client.

A public client clearly can't share credentials with other instances of the
public client, but there's no reason they can't use a key that is only ever
known to them.

On Thu, Oct 7, 2021 at 9:06 PM Ash Narayanan <ashvinnaraya...@gmail.com>
wrote:

> Oh geez, yesterday was my day off but ended up down a deep rabbit hole
> after reading this draft and the ones that came before it.
>
> I do not support adoption and was going to list my reasons but Warren
> Parad beat me to it.
>
> In addition to the list he has provided, I'd also like to see the draft
> make a mention of public clients; obviously we can't use any sensitive keys
> with these.
>
>
> Regards,
> Ash
>
> On Thu, Oct 7, 2021 at 11:02 PM Neil Madden <neil.mad...@forgerock.com>
> wrote:
>
>> Canonicalised signature schemes inevitably lead to cryptographic doom,
>> and should die with SAML (ha!). For that reason I do not support adoption
>> of this draft.
>>
>> I also think the arguments for canonicalisation vanish as soon as you
>> want end-to-end confidentiality too.
>>
>> — Neil
>>
>> On 6 Oct 2021, at 22:02, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>
>> wrote:
>>
>>
>> All,
>>
>> As a followup on the interim meeting today, this is a *call for adoption*
>> for the *OAuth Proof of Possession Tokens with HTTP Message Signature* draft
>> as a WG document:
>> https://datatracker.ietf.org/doc/draft-richer-oauth-httpsig/
>>
>> Please, provide your feedback on the mailing list by *October 20th*.
>>
>> Regards,
>>  Rifaat & Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
-- 
---
Aaron Parecki
https://aaronparecki.com
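An added illustration of the per-instance key point made above (example code written for this page, not from the draft under discussion or from any of the posters): each installation of a public client generates its own Ed25519 key pair, the authorization server binds the issued token to that instance's public key, and the resource server only accepts requests whose HTTP message signature validates under the bound key. The signature base follows the RFC 9421 layout; the SHA-256 thumbprint used as `keyid`, the placeholder `PoP` authorization scheme, the constructed token value and the in-memory token-to-key map standing in for the AS's binding (e.g. a `cnf` claim or introspection) are all assumptions of this example, not anything the draft specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Request holds the request fields this example covers with the signature.
type Request struct {
	Method, Authority, Path, Authorization string
}

// Thumbprint derives a keyid from the raw Ed25519 public key. Using a
// SHA-256 hash of the key as keyid is an assumption of this example.
func Thumbprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// SignatureBase assembles the RFC 9421 signature base for the covered
// components: one `"name": value` line per component, ending with the
// @signature-params line that also becomes the Signature-Input value.
func SignatureBase(r Request, created int64, keyID string) string {
	params := fmt.Sprintf(`("@method" "@authority" "@path" "authorization");created=%d;keyid="%s"`, created, keyID)
	lines := []string{
		`"@method": ` + r.Method,
		`"@authority": ` + r.Authority,
		`"@path": ` + r.Path,
		`"authorization": ` + r.Authorization,
		`"@signature-params": ` + params,
	}
	return strings.Join(lines, "\n")
}

// Instance is one installation of a public client. It creates its own key
// pair and the private half never leaves the device, so nothing is shared
// with other installations of the same app.
type Instance struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewInstance() (*Instance, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Instance{priv: priv, Pub: pub}, nil
}

// Sign produces the detached Ed25519 signature over the signature base.
func (i *Instance) Sign(r Request, created int64) []byte {
	return ed25519.Sign(i.priv, []byte(SignatureBase(r, created, Thumbprint(i.Pub))))
}

// Bindings stands in for what the resource server learns from the AS
// (e.g. a cnf claim or introspection): which public key each token is bound to.
type Bindings map[string]ed25519.PublicKey

// Verify accepts the request only if the presented token is known, is bound
// to the key named by keyid, and the signature validates under that key.
// "PoP" is a placeholder scheme name chosen for this example.
func (b Bindings) Verify(r Request, created int64, keyID string, sig []byte) bool {
	token := strings.TrimPrefix(r.Authorization, "PoP ")
	pub, ok := b[token]
	if !ok || Thumbprint(pub) != keyID {
		return false
	}
	return ed25519.Verify(pub, []byte(SignatureBase(r, created, keyID)), sig)
}

func must(i *Instance, err error) *Instance {
	if err != nil {
		panic(err)
	}
	return i
}

func main() {
	alice := must(NewInstance())   // legitimate installation
	mallory := must(NewInstance()) // a different installation of the same public client
	tok := "tok-a1b2c3"            // constructed opaque token; the AS bound it to alice's key
	rs := Bindings{tok: alice.Pub}
	req := Request{Method: "GET", Authority: "api.example", Path: "/resource/1", Authorization: "PoP " + tok}
	created := int64(1633600000)

	sig := alice.Sign(req, created)
	fmt.Println("alice, own key:", rs.Verify(req, created, Thumbprint(alice.Pub), sig))
	// Mallory holds a copy of the token but can only sign with her own key.
	fmt.Println("stolen token, other instance:", rs.Verify(req, created, Thumbprint(mallory.Pub), mallory.Sign(req, created)))
	// Replaying alice's signature against a different path changes the base and fails.
	tampered := req
	tampered.Path = "/resource/2"
	fmt.Println("replay with changed path:", rs.Verify(tampered, created, Thumbprint(alice.Pub), sig))
}
```

The only thing the two installations have in common is the application code; the token is useless to the second instance because the resource server checks the signature against the key the token was bound to, which is exactly why a per-instance key is not a "shared" credential in the sense that disqualifies public clients.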