Re: [OAUTH-WG] draft-parecki-oauth-browser-based-apps-00

2018-11-13 Thread Torsten Lodderstedt
Hi Brock, > Am 09.11.2018 um 21:22 schrieb Brock Allen : > > Hello all -- > > I also have some thoughts/feedback on this document. > > Personally I agree with some of the conclusions, but as it stands I think the > document's main conclusion that code flow is the real solution is not > suffic

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-13 Thread Omer Levi Hevroni
Ok, thanks for the clarification. Your point about a user with multiple devices is correct - but it is by design. The goal of this protocol is to allow device authentication - there is no information about the user. Therefore, there is also no way to associate devices to a user. It creates challeng

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-09.txt

2018-11-13 Thread Brian Campbell
> > Does this "MUST be single-use” not effectively already require the code > is invalidated after first use? If so why downgrade this to a “SHOULD”? > > You are right. My feeling is single use can turn out to be a really hard > to implement requirement. That’s why I would like to relax it. Given w

Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-mtls

2018-11-13 Thread Torsten Lodderstedt
Hi Evan, I scanned through the SPIFFE docs but didn’t see any mention of OAuth (just plain X.509). What’s your plan for introducing OAuth and mtls? kind regards, Torsten. > Am 13.11.2018 um 00:59 schrieb Evan Gilman : > > Thank you everyone for the feedback. > > I am currently working on the

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-09.txt

2018-11-13 Thread Torsten Lodderstedt
Hi Joseph, > Am 09.11.2018 um 18:27 schrieb Joseph Heenan : > > Hi Torsten, > > A few comments having just read this afresh: > > 2.1: 'Clients SHALL avoid’ - is that normatively different to ’SHOULD’ given > it appears to be permitted? SHALL is equivalent to MUST, changed it into SHOULD for