A comment:
The X509Certificate element contains a base64-encoded X509v3
certificate (TODO:reference).
After several hours of poking around, I've discovered that parsing
these is highly nontrivial on Google AppEngine, which makes me
nervous. I think this means we should either augment Google AppEngine
or change the spec.
From the POV of Salmon, we may not actually need the full complexity
of a CA cert path and the X509Certificate element therefore is mostly
overkill.
Wading into waters I am not equipped to talk intelligently about,
except in regards to existing library support: Would it be reasonable
to support a very simple alternative to a full X509Certificate
element, e.g., that provides exponent and modulus for RSA in the case
where you have no signed cert chain?
On Nov 24, 6:15 pm, Brian Eaton <
bea...@google.com> wrote:
> I just published a fresh draft of the oauth key discovery work.
>
> Comments welcome:
http://oauth-key-discovery.googlegroups.com/web/oauth-key-publication...
>
> Cheers,
> Brian