The applications we're talking about are **already** doing X.509 when they make HTTPS connections. It's not a new requirement. The only thing we're doing is using the certificate for JWT instead of HTTPS.
--RLB

On Mon, Jun 10, 2024 at 11:15 PM Michael Jones <michael_b_jo...@hotmail.com> wrote:

> As both I and Giuseppe pointed out, the requirement for applications to use and understand X.509 certificates means that the draft is way beyond the minimum complexity needed.
>
> Eliminate application-level X.509 (which is an anachronism that OAuth and JOSE have moved away from), and I’ll support adoption of the next draft.
>
> -- Mike
>
> *From:* Richard Barnes <r...@ipv.sx>
> *Sent:* Monday, June 10, 2024 8:11 PM
> *To:* Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>
> *Cc:* oauth <oauth@ietf.org>
> *Subject:* [OAUTH-WG] Re: Call for adoption - PIKA
>
> In case it's not clear from other messages in this thread: I think this draft should be adopted. It solves several pressing use cases, with the minimal amount of complexity needed.
>
> --Richard
>
> On Mon, Jun 10, 2024 at 7:47 AM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
>
> All,
>
> This is an official call for adoption for the *Proof of Issuer Key Authority (PIKA)* draft:
>
> https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/
>
> Please, reply *on the mailing list* and let us know if you are in favor or against adopting this draft as WG document, by *June 24th*.
>
> Regards,
> Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org