I'm not sure what article you're referring to, but feel free to add the article and send a pull request to oauth.net:
https://github.com/aaronpk/oauth.net

Here's an example of the PR for the Authentication article that Justin added:
https://github.com/aaronpk/oauth.net/pull/81

Aaron Parecki

On Thu, Apr 2, 2015 at 1:43 PM Mike Jones <michael.jo...@microsoft.com> wrote:

> This warning is already in place in
> https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-7.2. It says:
>
>    Finally, note that it is an application decision which algorithms may
>    be used in a given context. Even if a JWT can be successfully
>    validated, unless the algorithm(s) used in the JWT are acceptable to
>    the application, it SHOULD reject the JWT.
>
>                                 -- Mike
>
> -----Original Message-----
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Thursday, April 02, 2015 11:28 AM
> To: Tim McLean
> Cc: oauth@ietf.org; j...@ietf.org
> Subject: Re: [OAUTH-WG] [jose] Security research on JWT implementations
>
> [[adding oauth@ietf.org]]
>
> On 04/02/2015 08:01 PM, Tim McLean wrote:
> > However, I do think one way of gauging the success of JWS/JOSE is to
> > measure how many implementers actually get the security details right.
>
> I agree with you.
>
> If several people got this wrong then it is a good idea to write about it.
> Of course, it was a bit difficult to foresee this issue at the time of
> writing the specification.
>
> At a minimum we should put a version of your article at oauth.net.
>
> Since the JWT spec (which you reference in your article) is still in
> Auth48 state we can still add a warning remark to Section 7.2 of
> https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32.
>
> Ciao
> Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
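The Section 7.2 text quoted in the thread says a JWT should be rejected when its algorithm is not acceptable to the application, even if it validates. The sketch below is an added example, not part of any message in the thread and not code from the JWT draft or oauth.net: a standard-library HMAC verifier that checks an application-chosen allowlist before the signature. The names `verify`, `is_accepted`, `sign`, `SUPPORTED` and `KEY` are hypothetical, and the key and tokens are constructed samples.

```python
import base64, hashlib, hmac, json

# Algorithms this sketch knows how to verify (HMAC only, standard library).
SUPPORTED = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

class RejectedJWT(Exception):
    """Raised for any token the application refuses."""

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes, alg: str) -> str:
    # Builds a compact JWS; only used to construct the sample tokens.
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), SUPPORTED[alg]).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def verify(token: str, key: bytes, acceptable: frozenset) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # segment count, base64 or JSON error
        raise RejectedJWT("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Application policy is checked first; the header never widens it.
    if not isinstance(alg, str) or alg not in acceptable or alg not in SUPPORTED:
        raise RejectedJWT(f"algorithm {alg!r} is not acceptable here")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, SUPPORTED[alg]).digest()
    if not hmac.compare_digest(signature, expected):
        raise RejectedJWT("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

def is_accepted(token: str, key: bytes, acceptable: frozenset) -> bool:
    try:
        verify(token, key, acceptable)
        return True
    except RejectedJWT:
        return False
```

A correctly signed HS512 token is accepted when the caller passes `frozenset({"HS256", "HS512"})` and rejected when the caller passes `frozenset({"HS256"})`, which is the "successfully validated but not acceptable" case the quoted text describes.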