Hi Yaron! Thanks for this quick update. It addresses my feedback. I'll advance the document.
Roman

> -----Original Message-----
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Yaron Sheffer
> Sent: Friday, June 07, 2019 2:18 PM
> To: oauth <oauth@ietf.org>
> Subject: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-06.txt
>
> Dear WG members,
>
> Version -06 addresses Roman's AD comments, basically separating the
> rationale from the recommendations to maintain the document's internal
> consistency.
>
> We also removed one SHOULD-level recommendation, "Sensitive
> information, such as passwords, SHOULD be padded before being
> encrypted." While length hiding would be nice in principle, standard ciphers
> such as AES-GCM do not provide it out of the box.
>
> Thanks,
> Yaron
>
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-ietf-oauth-jwt-bcp-06.txt
> Date: Fri, 07 Jun 2019 11:08:00 -0700
> From: internet-dra...@ietf.org
> To: Michael B. Jones <m...@microsoft.com>, Dick Hardt
> <dick.ha...@gmail.com>, Yaron Sheffer <yaronf.i...@gmail.com>, Michael
> Jones <m...@microsoft.com>
>
> A new version of I-D, draft-ietf-oauth-jwt-bcp-06.txt has been successfully
> submitted by Yaron Sheffer and posted to the IETF repository.
>
> Name: draft-ietf-oauth-jwt-bcp
> Revision: 06
> Title: JSON Web Token Best Current Practices
> Document date: 2019-06-07
> Group: oauth
> Pages: 16
> URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bcp-06.txt
> Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/
> Htmlized: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-06
> Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bcp
> Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-jwt-bcp-06
>
> Abstract:
> JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
> tokens that contain a set of claims that can be signed and/or
> encrypted. JWTs are being widely used and deployed as a simple
> security token format in numerous protocols and applications, both in
> the area of digital identity, and in other application areas. The
> goal of this Best Current Practices document is to provide actionable
> guidance leading to secure implementation and deployment of JWTs.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
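The length-hiding point in the quoted message, as an added example that is not part of this thread or of the draft: AES-GCM output is exactly as long as its input plus a 16-byte tag, so the length of an encrypted secret is visible unless the application pads it first. The function names, the 64-byte bucket, the ISO/IEC 7816-4 style padding and the sample passwords are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// sealedLen encrypts pt with AES-256-GCM under a fresh random key and nonce
// and returns len(ciphertext || tag), which is what an observer gets to see.
func sealedLen(pt []byte) (int, error) {
	buf := make([]byte, 32+12) // 32-byte key followed by 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		return 0, err
	}
	block, err := aes.NewCipher(buf[:32])
	if err != nil {
		return 0, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return 0, err
	}
	return len(gcm.Seal(nil, buf[32:], pt, nil)), nil
}

// padTo (hypothetical helper) appends 0x80 and then zero bytes so the result
// is the next multiple of bucket. The last 0x80 marks where the secret ends,
// so the receiver can strip the padding unambiguously after decryption.
// Secrets of bucket bytes or more still reveal how many buckets they span.
func padTo(secret []byte, bucket int) []byte {
	out := make([]byte, (len(secret)/bucket+1)*bucket)
	copy(out, secret)
	out[len(secret)] = 0x80
	return out
}

func main() {
	// Constructed sample secrets of 7 and 28 bytes.
	for _, pw := range []string{"hunter2", "correct horse battery staple"} {
		raw, err1 := sealedLen([]byte(pw))
		padded, err2 := sealedLen(padTo([]byte(pw), 64))
		if err1 != nil || err2 != nil {
			panic("encryption failed")
		}
		fmt.Printf("plaintext=%2d unpadded=%d padded=%d\n", len(pw), raw, padded)
	}
}
```
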