Canonicalised signature schemes inevitably lead to cryptographic doom, and should die with SAML (ha!). For that reason I do not support adoption of this draft.
I also think the arguments for canonicalisation vanish as soon as you want end-to-end confidentiality too.

— Neil

> On 6 Oct 2021, at 22:02, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
>
> All,
>
> As a followup on the interim meeting today, this is a call for adoption for
> the OAuth Proof of Possession Tokens with HTTP Message Signature draft as a
> WG document:
> https://datatracker.ietf.org/doc/draft-richer-oauth-httpsig/
>
> Please, provide your feedback on the mailing list by October 20th.
>
> Regards,
> Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth