On Thu, Jul 15, 2010 at 5:43 PM, Dirk Balfanz <balf...@google.com> wrote:
> > One question: What's the deal with having the signature go first? If you > can explain to me why that is a good idea, I'm happy to oblige. > > When we were talking about base64url or not, putting the signature before the dot meant it was okay for a dot to show up in the payload in an unencoded fashion, which was coupled with the fact that lsplit or split with a limit are more common in standard libraries based on some rough exploration. But that's not relevant anymore. Is there a downside to having the signature first? I like it better because the signature length is predictable, meaning the first X chars will be the sig, and then the X+1 char will be the dot. I like the consistency it provides :) -Naitik
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
