Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)

Tue, 14 Oct 2014 05:55:57 -0700 

The proposed resolution below has been applied to the -28 draft.

                                Thanks again,
                                -- Mike

> -----Original Message-----
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
> Sent: Tuesday, October 07, 2014 6:06 PM
> To: Ted Lemon; John Bradley
> Cc: oauth-cha...@tools.ietf.org; oauth@ietf.org; The IESG; draft-ietf-oauth-
> json-web-to...@tools.ietf.org
> Subject: Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-
> web-token-27: (with COMMENT)
> 
> > -----Original Message-----
> > From: Ted Lemon [mailto:ted.le...@nominum.com]
> > Sent: Tuesday, October 07, 2014 10:30 AM
> > To: John Bradley
> > Cc: The IESG; Mike Jones; draft-ietf-oauth-json-web-to...@tools.ietf.org;
> > oauth-cha...@tools.ietf.org; oauth@ietf.org
> > Subject: Re: Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-
> 27:
> > (with COMMENT)
> >
> > On Oct 7, 2014, at 1:14 PM, John Bradley <ve7...@ve7jtb.com> wrote:
> > > Encrypting and then signing is likely only a special case used by some
> > applications that are configured to understand what is going on.
> >
> > This isn't really responsive to what I said.   As I said, I'm just asking 
> > you to be
> > consistent, not to change the requirements.   I don't think that text in the
> > security considerations section addresses the inconsistency I'm talking 
> > about in
> a
> > different section.   That said, please don't continue to talk to me about 
> > this.   If
> > you think there's an action to take, take it.   If not, no need to continue 
> > trying
> to
> > explain.   I'm okay with it either way.
> 
> I'll plan to take the action described yesterday that you said you were OK 
> with -
> adding language about "If both signing and encryption are necessary" in order 
> to
> make the context of this advice clear.  I believe that that will improve the
> understanding of this guidance by many readers.
> 
> Thanks again for the discussion, Ted.
> 
>                               -- Mike
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to