On Thu, 2011-08-04 at 09:02 -0700, Paul Hoffman wrote: > On Aug 4, 2011, at 8:52 AM, Eric Rescorla wrote: > > > IMO, symmetric integrity protection is a useful primitive, and it's > > already part of the > > JWT spec. I think all that's required here in the charter is to > > wordsmith it to separate > > out symmetric from asymmetric integrity algorithms, > > Current: > 1) A Standards Track document specifying how to apply a JSON-structured > digital signature to data, including (but not limited to) JSON data > structures. "Digital signature" is defined as a hash operation followed by a > signature operation using asymmetric keys. > > It sounds like you would prefer something like: > 1) A Standards Track document specifying how to apply integrity protection to > data, including (but not limited to) JSON data structures. This integrity > protection can be achieved with both symmetric and asymmetric algorithms.
+1, or even possibly: 1) A Standards Track document specifying how to ensure the integrity and/or authenticity of data, including (but not limited to) JSON data structures. This can be achieved with both symmetric and asymmetric cryptographic algorithms. > Is that right? > > --Paul Hoffman > > _______________________________________________ > woes mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/woes
_______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
