- From: Alex Russell <notifications@github.com>
- Date: Wed, 14 Aug 2019 11:36:06 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 14 August 2019 18:36:29 UTC
Hey all! The proposal for a potential PR transition came across our transom, and quickly reviewing the spec I had a few questions: - Has any thought been given to a serialisation formation that is less error-prone than JWT? For instance, CBOR? - On that front, perhaps signing could re-use an existing container format, e.g. SXG: https://developers.google.com/web/updates/2018/11/signed-exchanges - Has thought been given to providing a JSON-LD+JWT (or other format) decoding/validation Web API? It seems as though we'll take on quite a lot of polyfill debt (and potential security problems) without ways of pulling the crypto bits out of userland Regards -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/343#issuecomment-521366220
Received on Wednesday, 14 August 2019 18:36:29 UTC