IETF logoNat Sakimura and I have updated the JSON Web Key (JWK) Thumbprint draft to incorporate feedback receiving during JOSE working group last call. Changes were:

  • No longer register the new JSON Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters and the new JSON Web Key (JWK) member name jkt (JWK SHA-256 Thumbprint) for holding these values.
  • Added security considerations about the measures needed to ensure that a unique JWK Thumbprint value is produced for a key.
  • Added text saying that a base64url encoded JWK Thumbprint value could be used as a kid (key ID) value.
  • Broke a sentence up that used to be way too long.

The specification is available at:

An HTML formatted version is also available at: