Re: [Last-Call] Last Call: <draft-foudil-securitytxt-08.txt> (A Method for Web Security Policies) to Informational RFC

Stephane Bortzmeyer <bortzmeyer@xxxxxx> wrote:
    > Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote
    > a message of 201 lines which said:

    >> Myself, I find the use of a machine parseable file in format ".txt" to
    >> be counter-intuitive.  Others have said it should be .json, and that
    >> we should use JOSE to sign.

    > Strong *no* from me. The entire idea of security.txt was for it to be
    > simple to *write*, with ordinary tools, and no need to check the
    > syntax. Otherwise, adoption would probably suffer.

So, right now, it's machine parseable, so not easy to write.

    >> 2) it is .json, it is machine parseable, and is JOSE signed.

    > Pointers to software to create JOSE signatures from a JSON file are
    > welcome.

There are dozens of such pieces of code.
https://github.com/search?q=JOSE&ref=opensearch
Of the 12,000 results, on the first page of 10 results, 1 is because the
author is named Jose.  The rest are libraries to do exactly what you need.

    >> I think that foudil-securitytxt should go back to saag for discussion.

    > I disagree.

It would be great if you said what you want instead.
Do you want it to go forward as is? (machine parseable .txt)
Or just die?



--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
 -= IPv6 IoT consulting =-


