I'm going to resurrect exactly one of my previous review comments that was not addressed. The original comment was:

6.1. <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1> Issuance <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>: There are many places from here on where the label "SHA-256 Hash" is used, for instance "SHA-256 Hash: jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4". Change all of these to "Base64url-Encoded SHA-256 Hash" for correctness.

Brian responded "The current wording might not be as descriptive as you'd like but it is correct." I'll water down my request if you're not willing to change all the occurrences to "Base64url-Encoded SHA-256 Hash" to then please at least add a textual caveat before the first such occurrence along the lines of:

In the text below and in other locations in this specification, the label "SHA-256 Hash:" is used as a shorthand for the label "Base64url-Encoded SHA-256 Hash:".

As I said in my initial review, I look forward to this specification being published as an RFC.

Best wishes,
-- Mike

From: Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>
Sent: Tuesday, September 3, 2024 3:39 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] WGLC for SD-JWT

All,

As per the discussion in Vancouver, this is a WG Last Call for the SD-JWT document.

https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html

Please, review this document and reply on the mailing list if you have any comments or concerns, by Sep 17th.

Regards,
Rifaat & Hannes