Slightly updated JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) drafts have been published that address the last of the IESG review comments, which were follow-up comments by Stephen Farrell and Pete Resnick. All DISCUSS comments had already been addressed by the previous drafts. The one normative change is that implementations must now discard RSA private keys with an “
oth” parameter when the implementation does not support private keys with more than two primes. The remaining changes were editorial improvements suggested by Pete.
The specifications are available at:
HTML formatted versions are available at: