On Tue, Mar 31, 2020 at 09:33:35PM +0000, Vittorio Bertocci wrote: > > > I’ve already replied to the other thread, but I’ll note that “different > > strengths, different lifecycles” don’t matter much if the RS will accept > > both types of tokens, signed with either key. > point taken. I applied the changes discussed on the other thread. > > >As noted, I’d support making them REQUIRED. Failing that, RECOMMENDED. > Promoted to RECOMMENDED
I'd also prefer REQUIRED, and thanks for already moving to RECOMMENDED (which I was going to suggest as an alternative). -Ben _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
