Re: [jose] Is this a legal JOSE message

Jim Schaad <> Wed, 30 October 2019 02:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 54CF01200A3 for <>; Tue, 29 Oct 2019 19:21:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aYuhYJ8iVdna for <>; Tue, 29 Oct 2019 19:21:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 91FFA12009E for <>; Tue, 29 Oct 2019 19:21:45 -0700 (PDT)
Received: from Jude ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 29 Oct 2019 19:21:40 -0700
From: Jim Schaad <>
To: 'Mike Jones' <>, <>
References: <043901d58eab$f58789b0$e0969d10$> <>
In-Reply-To: <>
Date: Tue, 29 Oct 2019 19:21:38 -0700
Message-ID: <045101d58ec8$c402f830$4c08e890$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIbbgtA36rujj6O1qRTLSUW0bD5TgNJLgRbpsxr4vA=
Content-Language: en-us
X-Originating-IP: []
Archived-At: <>
Subject: Re: [jose] Is this a legal JOSE message
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Oct 2019 02:21:47 -0000

Ok - assume that I got that field base64 encoded correctly. And re-ask the

-----Original Message-----
From: Mike Jones <> 
Sent: Tuesday, October 29, 2019 4:25 PM
To: Jim Schaad <>om>;
Subject: RE: [jose] Is this a legal JOSE message

I believe that h'0101...' isn't legal JSON.  The JWS "signature" value is a
string representing the base64url encoding of the signature.

				-- Mike

-----Original Message-----
From: jose <> On Behalf Of Jim Schaad
Sent: Tuesday, October 29, 2019 3:55 PM
Subject: [jose] Is this a legal JOSE message

I have been trying to get my JOSE implementation back up to snuff because it
turns out that I need it for some of the ACE work.  Part of that means that
I am producing unit tests and making sure that each of the pieces works
correctly.  As part of that effort I ended up producing the attached file.
As near as I can tell from diving through the JWE and JWS specifications,
this is a legal JWE and JWS file.

1.  Please point me to the text in the two documents which says that this is
not a legal message.
2.  If the text does not exist, was it meant to be a legal message?
3.  If it was not meant to be a legal message, can we get some text to add
to both of the documents so that this will be detected as an illegal

For people wishing to validate the message(s), I used the keys from the