Re: [jose] Use of Base64 encoding

Dick Hardt <dick.hardt@gmail.com> Mon, 17 September 2012 20:09 UTC


My recollection of the reasons for URL safe base64 encoding 3 years ago was to minimize implementation and deployment errors when objects are included as parameters in URLs. Several implementors of other encodings had nightmare debug sessions that were caused by URL encoding / decoding issues.

Is there any reason to NOT use URL safe base64 encoding? 

On Sep 4, 2012, at 1:45 PM, Mike Jones wrote:

> Having multiple ways to do something never helps improve interop
> 
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
> Sent: Tuesday, September 04, 2012 1:38 PM
> To: jose@ietf.org
> Subject: [jose] Use of Base64 encoding
> 
> <personal>
> 
> I was struck by the questions of which base64 encoder should be used in the different documents that the working group employed and I started going through the different locations in the document to see where and how much it mattered if the base64 or base64URL encoder was used.  This message represents my conclusions and leads to some questions
> 
> 1.  The simple dot encoding of the objects does require it as it will possibly be sent as part of a URL
> 2.  If you are going to be in a space constrained environment then you MIGHT want it as it will shrink the result, however doing a solution that deals with binary data more generally would be a better solution.
> 3.  Joe might have an argument that only doing things one way is simpler, however that argument can apply in both directions
> 
> The rest of the time I don't think it matters which of the encoding formats is used.  If you are looking at the SHA-1 hash of a certificate, does it matter if you use base64 or base64URL, not except for the minor size increase.  The padding characters themselves are protected from the URL by the outside base64URL encoding.
> 
> Except for the case of the dot encoding step, I think that the use of base64 URL can be dropped from a MUST to a SHOULD with the justifications being explained.  It was stated at the F2F that the difference in the decoders is minimal so there is no reason not to allow there and this would allow different people to make different decisions on this issue.
> 
> Jim
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
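Added example, not part of the original thread or of any JOSE draft: a short Python sketch of the URL failure mode discussed above, showing standard base64 being altered when placed unescaped in a query string while base64url survives, plus a tolerant decoder that accepts both alphabets. The sample bytes, the `rp.example` URL and the `token` parameter name are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Constructed sample: bytes chosen so standard base64 emits '+', '/' and '='.
SAMPLE = bytes([0xFB, 0xEF, 0xFF, 0x3E])


def b64_encode(data: bytes) -> str:
    """Standard base64 (RFC 4648 section 4), padded."""
    return base64.b64encode(data).decode("ascii")


def b64url_encode(data: bytes) -> str:
    """base64url (RFC 4648 section 5) with the trailing '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding the encoder stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def round_trip_via_url(encoded: str) -> str:
    """Put the value in a query string without percent-encoding, then read it
    back the way a form/query parser does ('+' is decoded as a space)."""
    url = "https://rp.example/cb?token=" + encoded  # hypothetical endpoint
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["token"][0]


def decode_either(text: str) -> bytes:
    """Tolerant decoder: accepts either alphabet, with or without padding.
    Note that it maps several distinct strings to the same bytes, so any
    comparison or signature check must be done on one agreed spelling."""
    normalized = text.replace("+", "-").replace("/", "_").rstrip("=")
    return b64url_decode(normalized)


if __name__ == "__main__":
    std, url_safe = b64_encode(SAMPLE), b64url_encode(SAMPLE)
    print("standard :", repr(std), "->", repr(round_trip_via_url(std)))
    print("base64url:", repr(url_safe), "->", repr(round_trip_via_url(url_safe)))
    print("tolerant decode agrees:", decode_either(std) == decode_either(url_safe))
```
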