JOSE and many other specs have allowed algorithms to be specified at multiple
security levels: a baseline 128-bit level, and then usually 192- and 256-bit
levels too. It seems odd that a draft that is ostensibly for high security
assurance environments would choose to only specify the lowest acc
Will add to the draft. Thank you Jeff!
--
From: =JeffH
To: IETF OAuth WG
Subject: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?
Message-ID: <0c2d1ad2-1239-26e0-87c1-9be2bd1e7...@kingsmountain.com>
Content-Type: text/plain; charset=utf-8; format=flowed
