IETF Logo Mail Archive

Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)

Ted Lemon <Ted.Lemon@nominum.com> Mon, 06 October 2014 19:48 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EF661A1B7F; Mon, 6 Oct 2014 12:48:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.686
X-Spam-Level:
X-Spam-Status: No, score=-2.686 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8C6bwzz55CXg; Mon, 6 Oct 2014 12:48:47 -0700 (PDT)
Received: from shell-too.nominum.com (shell-too.nominum.com [64.89.228.229]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6232B1A1A34; Mon, 6 Oct 2014 12:48:47 -0700 (PDT)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 792CE1B81AB; Mon, 6 Oct 2014 12:48:46 -0700 (PDT)
Received: from webmail.nominum.com (cas-02.win.nominum.com [64.89.228.132]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id 4D31D53E070; Mon, 6 Oct 2014 12:48:46 -0700 (PDT)
Received: from [10.0.10.40] (71.233.43.215) by CAS-02.WIN.NOMINUM.COM (192.168.1.101) with Microsoft SMTP Server (TLS) id 14.3.195.1; Mon, 6 Oct 2014 12:48:46 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BAF0C41@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Mon, 06 Oct 2014 15:48:44 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <0DB7566C-CEFD-49E3-AD23-83E4EE5C1D01@nominum.com>
References: <20141002135827.27947.4504.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439BAF0C41@TK5EX14MBXC286.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1878.6)
X-Originating-IP: [71.233.43.215]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/PoG_oHvSHoG5mUBe4xKlRtJ4CFU
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-json-web-token@tools.ietf.org" <draft-ietf-oauth-json-web-token@tools.ietf.org>
Subject: Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 19:48:53 -0000

On Oct 6, 2014, at 3:54 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> Sometimes authenticated encryption alone is good enough without requiring a signature.  Different applications will have different requirements.  So while this section discussion the applicable considerations, the working group felt that it was going too far to make this prescriptive.

But if you don't need to sign the message, why sign it?

v2.23.0 | Report a Bug | By Email