On 2017-02-13 21:19, Jacob Hoffman-Andrews wrote:
> On 02/12/2017 10:09 PM, Anders Rundgren wrote:
>> JWS is great for what it was originally designed for. ES6 normalization
>> nullifies the need for dressing JSON data in Base64Url.
>
> Could you clarify this comment? Are you proposing that ACME should not
> wrap internal fields in another layer of base64url? Or that the JWS spec
> should be revised to not wrap payloads in base64url?

Well, it is too late to change now but I proposed this more than a year back.
Martin's comment is exactly what I expected to happen when using JWS.
Hopefully there won't be that many new protocols using such measures.

ES6 serialization works, it is a standard, and it is implemented in the most
widespread JSON tools available (browsers).

JWS will probably not be revised because JWS signs "data". What I'm advocating
are JSON/JavaScript objects optionally holding an enveloped signature which is
a rather different animal:

Using JWS:

  {
    "mydoc": {
       human-unreadable Base64Url-encoded signature container.
    }
  }

Note: "mydoc" is not signed.

Using an enveloped signature:

  {
    "mydoc": ...,
    "someotherprop" : ...,
    "signature": {
      ...
    }
  }

Anders
_______________________________________________
Acme mailing list
https://www.ietf.org/mailman/listinfo/acme
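
The two shapes contrasted in the message above, as an added example that is not part of the original thread: a JWS compact token next to an enveloped signature computed over the ES6 `JSON.stringify()` form of the object. The HMAC key, the `alg`/`value` layout of the `signature` property and the sample document are assumptions made for illustration.

```javascript
// Added example, not code from the thread. KEY and the "alg"/"value" names are constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const KEY = Buffer.from('constructed-demo-key');
const b64u = (data) => Buffer.from(data).toString('base64url');
const mac = (text) => createHmac('sha256', KEY).update(text).digest();
const sameMac = (encoded, expected) => {
  const got = Buffer.from(encoded, 'base64url');
  return got.length === expected.length && timingSafeEqual(got, expected);
};

// JWS compact form (HS256): the MAC covers the base64url text itself, so the
// payload has to travel as an opaque string.
function jwsSign(payload) {
  const input = b64u(JSON.stringify({ alg: 'HS256' })) + '.' + b64u(JSON.stringify(payload));
  return input + '.' + b64u(mac(input));
}

function jwsVerify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || !sameMac(parts[2], mac(parts[0] + '.' + parts[1]))) return null;
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString());
}

// Enveloped form: the MAC covers JSON.stringify() of the object minus its
// "signature" property. Assumes both sides keep property order and use
// ES6 number serialization, as JSON.parse/JSON.stringify do.
function envelopedSign(obj) {
  const { signature, ...body } = obj;
  return { ...body, signature: { alg: 'HS256', value: b64u(mac(JSON.stringify(body))) } };
}

function envelopedVerify(obj) {
  const { signature, ...body } = obj;
  if (!signature || signature.alg !== 'HS256' || typeof signature.value !== 'string') return false;
  return sameMac(signature.value, mac(JSON.stringify(body)));
}

// Constructed sample document; the receiver gets pretty-printed text with "4.50".
const doc = { mydoc: { amount: 1000, note: 'hello' }, someotherprop: 4.5 };
function demo() {
  const wire = JSON.stringify(envelopedSign(doc), null, 2).replace('4.5', '4.50');
  return { wire, ok: envelopedVerify(JSON.parse(wire)), token: jwsSign(doc) };
}
```

The enveloped check survives re-indentation and the `4.50` spelling because parsing and re-serializing normalizes both; a peer whose JSON library reorders properties or formats numbers differently would fail verification.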