ciseng closed 5 years ago
Added: "Validation of the signature or MAC MUST fail if the signature algorithm is set to "none", when the key used for the signature algorithm cannot be determined, or the computed and received signature/MAC do not match."
Section 2.1.3 - Please include a sentence that the signature algorithm of "none" is explicitly not permitted for tokens.
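The three failure conditions in the added sentence, shown as a fail-closed verifier. This is an added example, not part of the issue thread or the specification it discusses. The JWS-compact-style three-part token layout, the HS256 allowlist, key lookup by a `kid` header, and the `KEYS` store are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo key store; the key id and secret are illustrative only.
KEYS = {"demo-key-1": b"constructed-demo-secret"}
# Explicit allowlist of algorithms; "none" is never a member.
ALLOWED_ALGS = {"HS256": hashlib.sha256}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header, payload, key):
    """Build a constructed sample token; key=None leaves the signature empty."""
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64url_encode(sig)

def verify_token(token):
    """Return the payload, or raise ValueError for each failure case."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        received = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Case 1: "none" (any letter case) or anything off the allowlist fails.
    if not isinstance(alg, str) or alg.lower() == "none" or alg not in ALLOWED_ALGS:
        raise ValueError("signature algorithm not permitted")
    # Case 2: the key for this algorithm cannot be determined.
    kid = header.get("kid")
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("signing key cannot be determined")
    # Case 3: computed and received MAC differ (constant-time comparison).
    signing_input = (head_b64 + "." + body_b64).encode()
    computed = hmac.new(key, signing_input, ALLOWED_ALGS[alg]).digest()
    if not hmac.compare_digest(computed, received):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))
```

The algorithm check runs before any key lookup or MAC computation, so a token declaring "none" is rejected regardless of what its signature segment contains.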