[OAUTH-WG] (no subject)

"Re: Contents of OAuth digest..." ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

I think that using "auth" with the fixed full sha256 hash is fine. The original response size reasons for truncating the hash in the definition of at_hash are no longer really neccicary in current browsers and networks. A new claim is fine. On 4/9/2021 11:03 AM, Brian Campbell wrote: > For a has

Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

For a hash of the access token in the proof JWT, discussion about whether to use the existing 'at_hash' claim or define a new 'ath' claim using only SHA-256 have been floating around since last year (https://mailarchive.ietf.org/arch/msg/oauth/QKMHo6gGRAaANadsAWWlSuRDzXA/

Re: [OAUTH-WG] Francesca Palombini's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Hi Mike! Thank you, it looks good to me. I have updated my ballot to reflect that. Francesca On 08/04/2021, 23:20, "Mike Jones" wrote: https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-34 incorporates the fixes you suggested. Thanks again,

Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

I would support that too but only if the way it's calculated would get aligned as well. If it remains being a fixed sha256 of the whole token rather than what at_hash does, using a new claim makes sense. Odesláno z iPhonu > 9. 4. 2021 v 5:38, Mike Jones : > >  > I had expected that we would