> SD-JWT = JWT "~" *[DISCLOSURE "~"]
made me smile...
I.e., zero or more of [DISCLOSURE “~”], each of which is optional (can be
empty) due to the []
(Simple-minded ABNF validators tend to loop on something like this.)
Anyway, I’m writing this to point out that languages such as ABNF should neve
On 2. May 2025, at 16:18, Henry S. Thompson
wrote:
>
> Carsten Bormann writes:
>
>> ...
>
>> For IETF purposes, JSON text is always UTF-8 encoded, so there is no
>> difference.
>
> I don't agree, based on my reading of 8259. It's clear that
On 2. May 2025, at 13:09, Henry S. Thompson
wrote:
>
> Carsten Bormann writes:
>
>> On 2. May 2025, at 12:04, Henry Thompson via Datatracker
>> wrote:
>>>
>>> ["26bc4LT-ac6q2KI6cBW5es", "family_name", "M%xc3%xb6bius"]
On 2. May 2025, at 12:04, Henry Thompson via Datatracker
wrote:
>
> ["26bc4LT-ac6q2KI6cBW5es", "family_name", "M%xc3%xb6bius"] [2]
The weird %x notation in the third element has nothing to do with JSON, which
makes it difficult for me to understand the rest of what you are trying to say.
On 17. Dec 2024, at 21:04, Paul Bastian wrote:
>
> RFC7049 doesn't even have a privacy consideration section although it
> contains linkable data structures that may be utilized to track users.
I’m not sure why you pick an RFC that has been superseded a while ago by an
Internet Standard, but l
This is all great, but it is informative text except for a few sprinkled
interoperability keywords “for the implementer” (when, apparently, it already
has been decided to use this mechanism).
The point, however, is that this specification has a limited area of
applicability.
Outsourcing secur
On 2024-06-13, at 22:02, Dick Hardt wrote:
>
> ISO has its processes and IETF has its processes
Right.
We don’t have a process for living documents.
(We do have processes for IANA registries, which could be misused here. Maybe
that is actually what you are trying to do here. I’d love to be
On 2024-02-20, at 17:19, Orie Steele wrote:
>
> application/vc+ld+json - https
> application/vp+ld+json - https
>
> application/vc+ld+json+jwt - ht
> application/vp+ld+json+jwt - ht
>
> application/vc+ld+json+sd-jwt -
> application/vp+ld+json+sd-jwt -
>
> application/vc+ld+json+cose - h
> ap
On 2023-11-27, at 15:55, Orie Steele wrote:
>
> application/jwt; profile=secevent
>
> This is a general form of the challenges associated with using multiple
> structured suffixes with JWTs.
Anything that reduces our need to extract semantics from complex nested
structured suffixes is good.
Hi Denis,
you address me directly in this message, but there is not much in there I’d
care to reply to.
However, some people might believe what you are saying here:
> On 16. Oct 2023, at 15:24, Denis wrote:
>
> Structures can be generated using CDDL, but can't be validated
> against CDDL. RFC
On 15. Oct 2023, at 18:10, Denis wrote:
>
> Hi Brian and Orie,
>
> In the "old days", such problems did not exist. The prime example is using
> ASN.1 / DER where the decoder can first know the full size of the message
> using two or more bytes after the first byte that must contain the value
On 2023-10-13, at 01:01, Orie Steele wrote:
>
> scenarios where an attacker can exploit a vulnerable json parser,
Do not use a vulnerable JSON parser, then.
(One of the main motivations for a standards-based representation format is
that you get access to debugged implementations of those.
Lik
On 2021-02-24, at 11:22, Warren Parad wrote:
>
> Should we solve the NxM problem, and if so, how do you propose we do that?
Let GNAP do that.
Grüße, Carsten
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
On 2020-08-03, at 16:42, Carsten Bormann wrote:
>
> On 2014-10-06, at 09:54, Mike Jones wrote:
>
>>> - 4.1.7: maybe worth adding that jti+iss being unique enough is not
>>> sufficient and jti alone has to meet that need. In X.509 the
On 2014-10-06, at 09:54, Mike Jones wrote:
>> - 4.1.7: maybe worth adding that jti+iss being unique enough is not
>> sufficient and jti alone has to meet that need. In X.509 the
>> issuer/serial has the equivalent property so someone might assume
>> sequential jti values starting at 0 are ok.
On 2020-07-13, at 17:19, Tom Jones wrote:
>
> What, exactly is json encoding?
JSON is defined in RFC 8259.
The term “encoding” is ambiguous here, it could be used for the encoding of a
JSON text (which employs UTF-8) or the representation of an application data
model using the JSON generic dat
Hi Robert,
This raises the $64000 question: What piece of information made you consider
that this draft might need more help? Maybe there is some miscommunication
that we can fix.
Grüße, Carsten
> On Apr 3, 2019, at 12:14, Robert Lembree
> wrote:
>
> Hello folks,
> What is
On Apr 17, 2018, at 12:24, Carsten Bormann wrote:
>
> ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259)
That also gives rise to:
Minor technical comment: 2.3 claims that JSON can be in different encodings.
This is no longer really the case with RFC 8259 (see Secti
I haven’t read the document yet, but idnits did some reading for me:
** The document seems to lack a Security Considerations section.
** The abstract seems to contain references ([RFC7519]), which it
shouldn't. Please replace those with straight textual mentions of the
documents in
> On 15 Mar 2017, at 22:06, Mike Jones wrote:
>
> Will you be in Chicago, Antonio? If so, maybe you can sit down with us and
> work on advice to implementers.
And maybe we can also work out what part of that advice (and possibly which
additional advice) applies to COSE.
Grüße, Carsten
> draft-ietf-ace-cbor-token-00.txt;
For the record, I do not think that ACE has a claim on the term "CBOR
Token". While the term token is not used in RFC 7049, there are many
tokens that could be expressed in CBOR or be used in applying CBOR to a
problem.
ACE CBOR Token is fine, though.
(Or, be
Bill Mills wrote:
> If there are structural differences in what CBOR can support it would be
> worthwhile to note that. Examples of things supported in JWT that you
> can't do in CBOR could be very helpful to implementers.
Those don't exist, but there may be things you have to do in JSON that
you
Hi Erik,
having this draft is a good thing.
One thing I'm still wondering is what WG is the best place to progress
this. We probably don't need to spend too much time on this because,
regardless of the WG chosen, the people in another WG can look at it.
Still, getting this right might provide so