On Mon, Apr 30, 2018 at 9:57 AM, Neil Madden <neil.mad...@forgerock.com> wrote:
> > > On 30 Apr 2018, at 15:07, John Bradley <ve7...@ve7jtb.com> wrote: > > > My concern is that people will see a bigger number and decide it is > better if we define it in the spec. > > We may be getting people to do additional work and increasing token size > without a good reason by putting it in the spec directly. > > I’m not sure why this is a concern. As previously pointed out, SHA-512 is > often *faster* than SHA-256, and an extra 32 bytes doesn’t seem worth > worrying about. > Seems like maybe it's worth noting that with JWT, where size can be a legitimate constraint, those extra bytes end up being base64 encoded twice. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
