[jose] JWS Unencoded Payload Option spec with reworked security considerations

Mike Jones <Michael.Jones@microsoft.com> Thu, 19 November 2015 04:59 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Date: Thu, 19 Nov 2015 04:59:02 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/DgzYpkmjO6MAI7plW6jdhtANPWE>

Draft -05 of the JWS Unencoded Payload Option specification reworked the security considerations text on preventing confusion between encoded and unencoded payloads.

The specification is available at:

* http://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-05

An HTML-formatted version is also available at:

* http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-05.html

-- Mike

P.S. This note was also published at http://self-issued.info/?p=1482 and as @selfissued <https://twitter.com/selfissued>.