Hi Jim, I had a chat with Mike about relaxing the CWT-PoP spec to allow multiple PoP keys in a single CWT token.
He is concerned about the departure from RFC 7800 and, after giving it a bit more thoughts, I believe there is an issue. Initially, when we started the work our promise was that this is really just an alternative encoding of RFC 7800. With changes like those we are obviously breaking that concept. Having multiple keys within a single CWT is a corner case and I am not sure anymore whether I indeed want to go into that direction. In our implementation we are also not using multiple keys in a single CWT either. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
