[OAUTH-WG] Document Management Issue (Signatures)

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Mon, 27 September 2010 16:42 UTC

Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 2F3DA3A6B4E for <oauth@core3.amsl.com>; Mon, 27 Sep 2010 09:42:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.415
X-Spam-Status: No, score=-102.415 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id wN2AxVhdmFLh for <oauth@core3.amsl.com>; Mon, 27 Sep 2010 09:42:51 -0700 (PDT)
Received: from demumfd001.nsn-inter.net (demumfd001.nsn-inter.net []) by core3.amsl.com (Postfix) with ESMTP id 2EB743A6B5A for <oauth@ietf.org>; Mon, 27 Sep 2010 09:42:48 -0700 (PDT)
Received: from demuprx017.emea.nsn-intra.net ([]) by demumfd001.nsn-inter.net ( with ESMTP id o8RGhPqr024116 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Mon, 27 Sep 2010 18:43:25 +0200
Received: from demuexc022.nsn-intra.net (demuexc022.nsn-intra.net []) by demuprx017.emea.nsn-intra.net ( with ESMTP id o8RGhMVg010660 for <oauth@ietf.org>; Mon, 27 Sep 2010 18:43:25 +0200
Received: from FIESEXC015.nsn-intra.net ([]) by demuexc022.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Mon, 27 Sep 2010 18:43:24 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CB5E63.19BDADA4"
Date: Mon, 27 Sep 2010 19:43:24 +0300
Message-ID: <3D3C75174CB95F42AD6BCC56E5555B45031BA596@FIESEXC015.nsn-intra.net>
Thread-Topic: Document Management Issue (Signatures)
Thread-Index: ActeYxnrv0JG1utxSmiWbXGrGmBWww==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: oauth@ietf.org
X-OriginalArrivalTime: 27 Sep 2010 16:43:24.0500 (UTC) FILETIME=[1A3A6940:01CB5E63]
Subject: [OAUTH-WG] Document Management Issue (Signatures)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Sep 2010 16:42:52 -0000

Hi all 

I wonder whether the question of "signature in the main specification or
in a separate document" does not really matter. It is purely a matter of
document management style. 

The important question is whether there will be a **mandatory to
implement** or **mandatory to use** someone in the document set.
Mandatory to use is typically hard to enforce unless there is only one
approach possible. This does not seem to be the case.

So, everything then boils down to the question: What is mandatory to
implement? (in this specific case with regard to security)