Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-03-18 Thread Deepak Tiwari
please unsubscribe my email id from your records. On Thu, Mar 18, 2021 at 11:29 PM Mike Jones wrote: > Thanks, Watson. We've published > https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-31 with these changes. > > -- Mike > > -Original Message- > From:

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-03-18 Thread Mike Jones
Thanks, Watson. We've published https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-31 with these changes. -- Mike -Original Message- From: Watson Ladd Sent: Wednesday, March 17, 2021 6:21 PM To: Mike Jones Cc: nat ; r...@cert.org; sec...@ietf.org; oau

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-03-17 Thread Watson Ladd
On Wed, Mar 17, 2021 at 2:47 PM Mike Jones wrote: > > I’ve created the pull request > https://bitbucket.org/Nat/oauth-jwsreq/pull-requests/14/ applying the > proposed changes below to the draft. Unless suggestions for changes are > received, we’ll merge this and publish -31 to address Watson’s

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-03-17 Thread Mike Jones
I’ve created the pull request https://bitbucket.org/Nat/oauth-jwsreq/pull-requests/14/ applying the proposed changes below to the draft. Unless suggestions for changes are received, we’ll merge this and publish -31 to address Watson’s comments.

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-02-28 Thread Watson Ladd
On Fri, Feb 26, 2021 at 12:54 PM Mike Jones wrote: > > Thanks again for your review, Watson. My replies to your comments below are > prefixed by "Mike>". Thank you for the work on the draft. I've removed places where we agree in the interest of readability, so the result may be more contentious

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2021-02-26 Thread Mike Jones
Thanks again for your review, Watson. My replies to your comments below are prefixed by "Mike>". -Original Message- From: Watson Ladd Sent: Tuesday, December 15, 2020 9:01 PM To: Nat Sakimura Cc: secdir ; IETF oauth WG ; last-c...@ietf.org; draft-ietf-oauth-jwsreq@ietf.org Subje

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2020-12-15 Thread Watson Ladd
On Sat, Oct 31, 2020 at 6:13 AM Nat Sakimura wrote: > > Hi Watson, > > Thanks very much for the review. I thought I have sent my response > earlier, which I actually did not. It was sitting in my draft box. I > apologize for it. My apologies for missing it in my inbox for a number of months. > >

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2020-09-26 Thread Takahiko Kawasaki
>And now for the thorny issues with this draft. Signatures and encryption are different. And encrypting a signed blob doesn't mean the signer encrypted it. Who encrypts data doesn't matter. Especially, when the encryption algorithm is asymmetric, anyone who has a "public" key, which anyone can ge

[OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2020-09-25 Thread Watson Ladd via Datatracker
Reviewer: Watson Ladd Review result: Serious Issues I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerat