Dear WG members,

Version -06 addresses Roman's AD comments, basically separating the rationale from the recommendations to maintain the document's internal consistency.

We also removed one SHOULD-level recommendation, "Sensitive information, such as passwords, SHOULD be padded before being encrypted." While length hiding would be nice in principle, standard ciphers such as AES-GCM do not provide it out of the box.

Thanks,
        Yaron

-------- Forwarded Message --------
Subject: New Version Notification for draft-ietf-oauth-jwt-bcp-06.txt
Date: Fri, 07 Jun 2019 11:08:00 -0700
From: internet-dra...@ietf.org
To: Michael B. Jones <m...@microsoft.com>, Dick Hardt <dick.ha...@gmail.com>, Yaron Sheffer <yaronf.i...@gmail.com>, Michael Jones <m...@microsoft.com>


A new version of I-D, draft-ietf-oauth-jwt-bcp-06.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:           draft-ietf-oauth-jwt-bcp
Revision:       06
Title:          JSON Web Token Best Current Practices
Document date:  2019-06-07
Group:          oauth
Pages:          16
URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bcp-06.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/
Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-06
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bcp
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-jwt-bcp-06

Abstract:
   JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
   tokens that contain a set of claims that can be signed and/or
   encrypted.  JWTs are being widely used and deployed as a simple
   security token format in numerous protocols and applications, both in
   the area of digital identity, and in other application areas.  The
   goal of this Best Current Practices document is to provide actionable
   guidance leading to secure implementation and deployment of JWTs.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
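As an added illustration of the AES-GCM point in the note above (example code written for this thread, not from the draft or from any JWT/JWE library): a GCM ciphertext is always plaintext length plus nonce plus tag, so the length of an encrypted password is visible unless the application pads it first. The 64-byte bucket size and the 2-byte length prefix are this example's own choices, not something the BCP specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// sealGCM encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
// The output is always len(plaintext) + 12 + 16 bytes: GCM hides content, not length.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// padToBucket is the kind of application-level padding the removed SHOULD referred to:
// a 2-byte big-endian length prefix, then zero fill up to a multiple of bucket bytes,
// so every message in the same bucket produces a ciphertext of identical length.
func padToBucket(msg []byte, bucket int) ([]byte, error) {
	if len(msg) > 0xFFFF {
		return nil, errors.New("message too long for 16-bit length prefix")
	}
	out := make([]byte, (len(msg)+2+bucket-1)/bucket*bucket)
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	copy(out[2:], msg)
	return out, nil
}

// unpad reverses padToBucket after decryption, rejecting a corrupt length prefix.
func unpad(padded []byte) ([]byte, error) {
	if len(padded) < 2 || 2+int(binary.BigEndian.Uint16(padded)) > len(padded) {
		return nil, errors.New("invalid padding")
	}
	n := int(binary.BigEndian.Uint16(padded))
	return padded[2 : 2+n], nil
}
```

With a 7-byte and a 28-byte password the unpadded ciphertexts are 35 and 56 bytes, while both padded ciphertexts are 92 bytes; the padding must be applied by the application before JWE encryption, since AES-GCM itself never does it.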
