[Openid-specs-ab] Issue #1161: Key rotation should require a delay between publishing a key and starting to use it? (openid/connect)
Vladimir Dzhuvinov
vladimir at connect2id.com
Mon Mar 23 22:17:59 UTC 2020
Hi Filip,
On 23/03/2020 10:54, Filip Skokan via Openid-specs-ab wrote:
>
> 1. should we do something about that language to suggest that
> signature recipients may omit fetching external jwks_uri resources
> if they already did so recently?
> 2. should we extend the attestation statement
> <https://openid.net/wordpress-content/uploads/2015/04/OpenID-Certification-Attestation-Statement.pdf> to
> allow for other rotation tests to be attested to allow
> implementers to have mechanisms that protect their infrastructure.
>
What is your own take on this?
Vladimir
--
Vladimir Dzhuvinov