Re: [dispatch] [Secdispatch] [art] Plain text JSON digital signatures

Anders Rundgren <> Thu, 29 April 2021 02:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E715D3A2A28; Wed, 28 Apr 2021 19:06:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rh24c09-M3sV; Wed, 28 Apr 2021 19:06:18 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2C8EA3A2A29; Wed, 28 Apr 2021 19:06:18 -0700 (PDT)
Received: by with SMTP id 82-20020a1c01550000b0290142562ff7c9so5743699wmb.3; Wed, 28 Apr 2021 19:06:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=zB0ww5WbhBaakRYwIOhQfl7GxxPU0HnZpVLdUTe2bpw=; b=KlUbK4R0H8N5BQB60zRLptIaYssejJdVeehs2P0uxyItN7izQCYJ0uGKfUVTG6xNsg V6Z2qyuKi0ACF2KdP2yVmbx7uAwCsnNlvbB9VMKkDjfeNiqD+PjmDlIr2P0oiydRA8ij BmYYR9l9d2/xnteAM6x4wQXma/eOICjRgIL5wrlPUEBe6RwfbAs3UZiVFwgpaVYodg+k XU3reMtet753lsblTev+ECtf6JD+Jm9aTj7NTldtvVA0tpmLb7anBx9Wn1lPykAutk97 zoKSveBw5H3gbnIE0cg7tLB9p2oaz0zNKACxNVuh2isd0zL5322w8WPltOSiksxw7pFZ LhWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=zB0ww5WbhBaakRYwIOhQfl7GxxPU0HnZpVLdUTe2bpw=; b=pRpg8AHfHIOS2rdcZM+Li8hDKBqdZG/gZtWLoMzbljDuFhfekko56/epeHnHFN3eEv sP4X4rTQszZeF4K7e2rdeaD0zZ0/RKb026UAwgJOSsYf0pPZh/6dJ/iMmW/Zz4w7+cAj wS+ZT0MqkDjoPJ3RPjlZPCjKxipUqh/TBhgsQaD85FStIDmefv9sor16nt99atF6tqDX xTAmDHoMtudG4ND3Blimxpga0rRg9Mm8F9BZD/15IwvPk5DfCSvLlS+lt9L0SPYle87Z 1wq4sh5DMmUagx368K4Hdq3u9HnA/PDKKaEyfQYNxaCqBFbmATiqdnVW7bQ+/piCmVf+ RwZw==
X-Gm-Message-State: AOAM53293mLrtgrmiv67Yxce18iBB53qbvSYUSdhlJoTOf7H6f3gn9TH vxK5TqkNS1jV1S1/aHCLqwg=
X-Google-Smtp-Source: ABdhPJwZwkI1+ZXOe+86em7xU7ja7BM81TY4BFYLU79ru4pJat53wUwZDasxenyVSiqd2/ULYSdFxw==
X-Received: by 2002:a05:600c:4f14:: with SMTP id l20mr4535486wmq.150.1619661974798; Wed, 28 Apr 2021 19:06:14 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id q20sm13657783wmq.2.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 28 Apr 2021 19:06:14 -0700 (PDT)
To: Stefan Santesson <>
Cc: DISPATCH <>,, IETF SecDispatch <>,
References: <> <> <> <> <>
From: Anders Rundgren <>
Message-ID: <>
Date: Thu, 29 Apr 2021 04:06:11 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [dispatch] [Secdispatch] [art] Plain text JSON digital signatures
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Apr 2021 02:06:23 -0000

On 2021-04-28 11:29, Stefan Santesson wrote:
> RFC 7797 is supported by common open source such as Nimbus and I use it
> for instances where you obviously do not need a URL safe token.

I see.

> As such it works for JWS but Not for JWT. But It works really well and
> saves space when URL safeness is not needed.

That's great.  Note though that this scheme require that '.' are escaped into \u002e as can be seen in the example below.  Data to sign:
   "payee": "Space Shop",
   "amount": {
     "currency": "EUR",
      "value": "100.00"

Using RFC 7797 (with "b64":false,"crit":["b64"]):
eyJhbGciOiJFUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19.{"amount":{"currency":"EUR","value":"100\u002e00"},"payee":"Space Shop"}.KFOhCfpyZnW7RUpwOvZAJPKDfpF1R2uENirUW6Ew4v1HwQI5iFJaXKW0PsvTuVNpb-T_UjpOcv868qihMjeMwA

Using JWS/CT (here pretty-printed using standard JSON tools):
   "payee": "Space Shop",
   "amount": {
     "currency": "EUR",
      "value": "100.00"
   "signature": "eyJhbGciOiJFUzI1NiJ9..aY27xoS5B3J-uZtUdJzXevqBbnNf4vNT1YN1_eHPOcILMXlVu3VjdExW17f66EGdt4mxQSnpAVLsUa4k2zSLQw"

> So I guess your answer is that it still encapsulates the signed JSON in
> the signature, and that the proposal really is about embedding signature
> in the JSON object being signed (and not about whether the JSON is in
> plaintext).

JWS/CT addresses several issues:
- Maintaining a consistent message structure
- Maintaining JSON notation
- Full compliance with JavaScript and browser APIs (including the "JSON" object).

However, from an IETF adoption point of view it is rather the validity and reliance on RFC 8785 that is the core issue.

> Could you elaborate why you think it is important to NOT embed signed
> data in the signature?

The example above may serve this purpose.

> What is the usecase?

See this response to Carsten:


> /Stefan
> On 2021-04-28 11:00, Anders Rundgren wrote:
>> On 2021-04-28 8:52, Stefan Santesson wrote:
>>> How is this different/better than implementing RFC 7797 and apply the
>>> header b64=false in order to carry plaintext JSON in the payload?
>> Good question!
>> Apart from the fact that the data becomes embedded in the JWS
>> signature container (=changing the structure), you cannot really put
>> JSON there:
>> My guess that the only real-world use of this option is to save an
>> internal-only (but technically redundant) Base64Url-operation for
>> truly detached data, be it it JSON, PNG, etc.
>> JWS/CT was designed for signing JSON Objects ({}), and let them remain
>> as such.
>> Thanx,
>> Anders