More on data formats
dirkjan at ochtman.nl
Tue Nov 26 13:10:49 PST 2013
On Tue, Nov 26, 2013 at 9:08 PM, Chris Karlof <ckarlof at mozilla.com> wrote:
> IMO, your proposal is reasonable for the current use cases.
> People in my security/crypto world generally assume they can't predict future use cases and the resulting possible confusion, and take every opportunity to make things as explicit as possible. This can create extra verbosity that never delivers measurable value, so yeah, it's not free.
Yeah, it's not a very simple trade-off.
> FWIW, I'm neutral on the string vs URI for sub. I anticipate certificates and assertions will be opaque to RPs for the foreseeable future (i.e., most RPs will just use our verifier service), so we'd bear most of the burden of these tradeoffs anyway.
I very much agree. I think pretty much all non-Mozilla RPs just want a
binary answer from their verifier (either the remote verifier or a
> I encourage warner to weigh in here.
That would be very helpful.
More information about the Dev-fxacct