: oauth
Subject: Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?
Would not kid do?
Right, thumbprint has more semantics and has nice properties, but having too
many ways is not good for interop.
Nat
2015-03-23 15:40 GMT+09:00 Brian Campbell
mailto:bcampb...@pingidentity.com>>:
Do
-WG] proof-of-possession-02 cnf via key thumbprint?
Do folks in the WG think there'd be utility in having a way to identity the
finger/thumbprint of a key in the cnf claim. A presenter might, for example,
present the JWT along with a public JWK and some proof-of-possession of that
JWK. An
Yes, kid could do it. It just seemed less than idea and that, for
confirmation, it might be useful to explicitly say "this is the thumbprint
of the key that'll confirm this JWT" rather than "here's something that
points to a key for confirmation and in some cases it might be a
thumbprint".
But I j
ok, this is a full circle to my original comment "Would not kid do? "
2015年3月23日(月) 13:52 Brian Campbell :
> I wasn't necessarily suggesting to drop the kid one.
>
> On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura wrote:
>
>> +1 for dropping kid in favor of thumbprint.
>> 2015年3月23日(月) 12:56 Brian
I wasn't necessarily suggesting to drop the kid one.
On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura wrote:
> +1 for dropping kid in favor of thumbprint.
> 2015年3月23日(月) 12:56 Brian Campbell :
>
> Yeah, it could be done with kid. But that would require a bit more
>> out-of-band understanding betwe
s,
> "kid" is the clear winner as the claim name. Let's keep it.
>
> -- Mike
> From: Nat Sakimura <mailto:sakim...@gmail.com>
> Sent: 3/23/2015 1:01 PM
> To: Brian Campbell <mailto:bcampb...@pingidentity.com>
> Cc: oauth <mailto:oauth@ietf.org
the clear winner as the claim name. Let's keep it.
-- Mike
From: Nat Sakimura<mailto:sakim...@gmail.com>
Sent: 3/23/2015 1:01 PM
To: Brian Campbell<mailto:bcampb...@pingidentity.com>
Cc: oauth<mailto:oauth@ietf.org>
Subject: Re: [O
+1 for dropping kid in favor of thumbprint.
2015年3月23日(月) 12:56 Brian Campbell :
> Yeah, it could be done with kid. But that would require a bit more
> out-of-band understanding between the parties to know that the kid is, in
> fact, a thumbprint. Seems like it'd be better to outright support a
>
Yeah, it could be done with kid. But that would require a bit more
out-of-band understanding between the parties to know that the kid is, in
fact, a thumbprint. Seems like it'd be better to outright support a
thumbprint rather than overloading kid, if thumbprint representation of the
key for confir
Would not kid do?
Right, thumbprint has more semantics and has nice properties, but having
too many ways is not good for interop.
Nat
2015-03-23 15:40 GMT+09:00 Brian Campbell :
> Do folks in the WG think there'd be utility in having a way to identity
> the finger/thumbprint of a key in the cnf
Do folks in the WG think there'd be utility in having a way to identity the
finger/thumbprint of a key in the cnf claim. A presenter might, for
example, present the JWT along with a public JWK and some
proof-of-possession of that JWK. And the JWK would be bound to the JWT via
the thumbprint, which
11 matches
Mail list logo