Opened 9 years ago

#89 new defect

Section 8. Security Considerations

Reported by: ietf@…
Owned by: draft-ietf-jose-json-web-key@…
Priority: major
Milestone:
Component: json-web-key
Version:
Severity: -
Keywords:


  1. s/private/private key/ in the second sentence
  2. para #2 - There is no real concept of a key by itself having trust. What is generally trusted is going to be a question of what data is bound to the key that has trust. This paragraph needs to be updated to reflect that.
  3. para #5 - Is it going to be self-evident to a novice which items are specifically XML and which are not? Are there so many unique ones that we cannot just copy them here? This seems to be the only reason to reference the document and it comes out of the blue why it would be of interest.
  4. para #6 - This is a set of requirements on how to use TLS and not security considerations.
  5. Missing comment about the relative strength of the algorithm used to protect a private key and the private key itself.
  6. RFC 3447 - does not have an easily identifiable security considerations section. Should probably be omitted as a reference and listed if they are of importance.
  7. RFC 6030 - you have not dealt with section 13.2 or section 13.3 in this document.
