>> For your point "4) Thumbprint formats" if you or someone else wants to >> define an additional thumbprint format for use in IoT contexts (or any >> other contexts), I encourage you to write an Internet Draft that does >> so, registering the new header parameter defined in the JSON Web >> Signature and Encryption Header Parameters registry. > > That can of course be done, but I would have hoped the initial version of the specification would also be usable in the IoT context, where the use of raw public keys will most likely arise. If what you want is a thumbprint over a raw key, see the individual submission draft https://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-01, which defines a method for doing this. The -01 version incorporates working group feedback from Toronto. In Toronto, I'd asked whether the working group wanted to adopt it as a working group draft and a decision hasn't been made on that yet. If this would be useful for IoT applications, that would be good to know. -- Mike