Hi Mike,
Thanks for doing this review; just to confirm one point...
On Tue, Mar 26, 2019 at 02:35:47PM +, Mike Jones wrote:
>
> 3. "Note to WG" - I suspect that this wouldn't get past the IESG without
> crypto agility. A parameter probably needs to be introduced to specify the
> hash alg
There are some deployments that I'm aware of that are considering using
draft-ietf-oauth-signed-http-request. Because of that, I've done a detailed
review of https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03,
which follows. Only substantive issues are discussed. If the draft
