Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-08-10 Thread Mike Jones
ks again for your useful review comments. -- Mike From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Sunday, March 22, 2015 6:43 PM To: oauth Subject: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02 My brain

Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-25 Thread John Bradley
Sure no problem:) > On Mar 25, 2015, at 10:42 AM, Brian Campbell > wrote: > > Yeah, sorry, I misspoke (this stuff isn't easy). The presenter doesn't > confirm. The presenter presents the token along with something that proves > possession, which allows the recipient to confirm. My original gr

Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-25 Thread Brian Campbell
Yeah, sorry, I misspoke (this stuff isn't easy). The presenter doesn't confirm. The presenter presents the token along with something that proves possession, which allows the recipient to confirm. My original grip with both texts is that they seem to suggests that the presenter makes the declaratio

Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-25 Thread Justin Richer
Agree that this language isn’t clear. The presenter doesn’t confirm the claim either, the presenter never even looks for it (unless the presenter is the issuer, which is a special and hopefully rare case). That’s why the key is delivered to the presenter in parallel with the token. It’s the RS t

Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-25 Thread Nat Sakimura
My take is that the presenter presents the token with cnf claim and some kind of proof of possession of the material that cnf claim refers to. It is the recipient that "confirms" or "verifies" the claim made by the authorized presenter is correct. 2015-03-25 23:37 GMT+09:00 Brian Campbell : > The

Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-25 Thread Brian Campbell
There's similar wording in sec 3.3 too that seems to suggest that the presenter is the one that makes the claim. I think the presenter confirms the claim when it presents. It's the issuer that makes/asserts/declares

[OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

2015-03-22 Thread Brian Campbell
My brain hurt trying to parse the first sentence/paragraph from section 3 : "The presenter of a JWT declares that it possesses a particular key and that the recipient can cryptographically confirm proof-of- po