[OAUTH-WG] Question for encrypted POP Key

Jim Schaad <ietf@augustcellars.com> Mon, 20 January 2020 18:57 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id A389B12083A for <oauth@ietfa.amsl.com>; Mon, 20 Jan 2020 10:57:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Nvxv5yE-FanV for <oauth@ietfa.amsl.com>; Mon, 20 Jan 2020 10:57:47 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23E71120845 for <oauth@ietf.org>; Mon, 20 Jan 2020 10:57:38 -0800 (PST)
Received: from Jude ( by mail2.augustcellars.com ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 20 Jan 2020 10:57:13 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: <draft-ietf-oauth-proof-of-possession@ietf.org>
CC: 'oauth' <oauth@ietf.org>
Date: Mon, 20 Jan 2020 10:57:07 -0800
Message-ID: <002501d5cfc3$6d3a0930$47ae1b90$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdXPwu8/l3HG9L7fRL2eLS+vwxL9Cg==
Content-Language: en-us
X-Originating-IP: []
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/NjtL8RdEhKscRYgIFuMp2mOs63k>
Subject: [OAUTH-WG] Question for encrypted POP Key
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2020 18:57:54 -0000

I am trying to deal with some of the various confirmation methods for a  POP
token.  The question that I have is about the format of the JOSE Encrypted
value to be used.  The document has an example of a compact serialization
for this concept, it does not have an example of a JSON serialization.  The
document appears to be silent about the legal serialization formats except
for this example.  

Is only the compact serialization format allowed or are all three
serialization formats allowed?