[[adding oauth@ietf.org]]

On 04/02/2015 08:01 PM, Tim McLean wrote:
> However, I do think one way of gauging the success of JWS/JOSE is to
> measure how many implementers actually get the security details right.

I agree with you. If several people got this wrong then it is a good idea to write about it. Of course, it was a bit difficult to foresee this issue at the time of writing the specification.

At a minimum we should put a version of your article at oauth.net. Since the JWT spec (which you reference in your article) is still in Auth48 state we can still add a warning remark to Section 7.2 of https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32.

Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth