IETF Logo Mail Archive

Re: [jose] #26: Allow for signature payload to not be base64 encoded

Dick Hardt <dick.hardt@gmail.com> Wed, 03 July 2013 21:24 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 236E121F9D79 for <jose@ietfa.amsl.com>; Wed, 3 Jul 2013 14:24:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HvTCY9b+Pej for <jose@ietfa.amsl.com>; Wed, 3 Jul 2013 14:24:00 -0700 (PDT)
Received: from mail-bk0-x236.google.com (mail-bk0-x236.google.com [IPv6:2a00:1450:4008:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 64D5521F9D55 for <jose@ietf.org>; Wed, 3 Jul 2013 14:23:54 -0700 (PDT)
Received: by mail-bk0-f54.google.com with SMTP id it16so300863bkc.41 for <jose@ietf.org>; Wed, 03 Jul 2013 14:23:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=QUgy+k/zOUMhhMN3WnPQ2K74tFq16trOjQIaVKMbGKo=; b=r4ATaqwMDsLmBYjPSgXaIHlDsHQfuK/v/yI4K+gAD4I1x7C07H2igzOSz0aDMrWXeY mnN3LLWkKHbQ1yZukB8y09xbdJRNXNBbz9z1a0dZjvhokwXm4Jql1+Cf1Ocwc/NIKBj7 S7MM5rIclNApLRgWqaQqy/aGdayUJuA9+B22XtY7yA5sS+Jc09HHWGM7OwiH7wFLOQPH biHkn84hiifGrbjwZGwWYR902xd8DJnWN4zsPE0gPEA5S7AWIN2ioACUt9FnwiCi/3oj bxm7yQDsE09ItVkrIjR/V4xeKmJ7Swem7DNmc2O0WCs3D4aVfih9uNffNSHtBHjkFpWv Z67Q==
X-Received: by 10.205.36.194 with SMTP id tb2mr432128bkb.174.1372886633384; Wed, 03 Jul 2013 14:23:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.205.133.75 with HTTP; Wed, 3 Jul 2013 14:23:33 -0700 (PDT)
In-Reply-To: <CAL02cgSEbk9OQ6ZJMnpXCdi9Tt7fLrFpwmLPAZYpx-MzVzNKRg@mail.gmail.com>
References: <061.c2fcfec0a75d48eb8b194991ce56157e@trac.tools.ietf.org> <076.3f5d1244c042cd87bfb07814924fcbc9@trac.tools.ietf.org> <033a01ce729b$26bc3910$7434ab30$@augustcellars.com> <51CBA981.4050006@nri.co.jp> <048f01ce7355$19f05bc0$4dd11340$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943678A0114@TK5EX14MBXC283.redmond.corp.microsoft.com> <04bf01ce7359$5ab862c0$10292840$@augustcellars.com> <CAL02cgTkUrQptGqOfQyhCembS1e3Qxw3peRFnO5QjswUW=XR-w@mail.gmail.com> <CAD9ie-sZ+w_HADMTnnkTC8XRJmjZvwYOmA+AhvJGTNPhhK=Z4g@mail.gmail.com> <CAL02cgQbAQ8zhumdR_uvXjhbZM0iXpfPnmgcJrMUuh4+bj11NA@mail.gmail.com> <CAD9ie-sBGnv5QbjFeQiXiMJ0Git06LPsAkoNeN7KZxRNqukv3w@mail.gmail.com> <CAL02cgSFjiBUECdUoVbArdszRCPgsfLX_Yr11zDUjrrX3RTPaw@mail.gmail.com> <DED9A23D-E0C9-4498-B894-D2A461EA67C1@gmail.com> <CAL02cgQ2kiYJb2ucQLLHbYrQNg7_1nvuBoqyZKqWZiZoEmcjZA@mail.gmail.com> <CAD9ie-vs_Rv1bQFV6r-viNd9CLLOhY6Ty23PaJM7HQPGYu3ZEA@mail.gmail.com> <CAL02cgSEbk9OQ6ZJMnpXCdi9Tt7fLrFpwmLPAZYpx-MzVzNKRg@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Wed, 03 Jul 2013 14:23:33 -0700
Message-ID: <CAD9ie-uLHg08s-CKKpKYvmtH03doFh46psMrM-nco5X+MUDwcA@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary="bcaec52996eb19bd9604e0a21462"
Cc: Jim Schaad <ietf@augustcellars.com>, n-sakimura <n-sakimura@nri.co.jp>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature@tools.ietf.org" <draft-ietf-jose-json-web-signature@tools.ietf.org>
Subject: Re: [jose] #26: Allow for signature payload to not be base64 encoded
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2013 21:24:02 -0000

I'm guessing that per: http://datatracker.ietf.org/wg/jose/charter/

- A Standards Track document specifying a representation of encrypted
data using JSON data structures, where the data to be protected
includes (but is not limited to) JSON data structures.

You are looking to use JSON as the wrapper for a JSON string.

Interesting, but I think that should be a different document as it solves
very different use cases and the processing is very different.



On Wed, Jul 3, 2013 at 2:15 PM, Richard Barnes <rlb@ipv.sx> wrote:

> On Wed, Jul 3, 2013 at 1:55 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
>> On Wed, Jul 3, 2013 at 9:04 AM, Richard Barnes <rlb@ipv.sx> wrote:
>>
>>> On Tue, Jul 2, 2013 at 8:14 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>>
>>>> Hi Richard, thanks for the example, some comments and questions:
>>>>
>>>> To clarify, in the JSON (non-compact) version, the payload is
>>>> restricted to being a string? ie. it cannot be a JSON object? If so, that
>>>> seems really limiting.
>>>>
>>>
>>> The payload can be anything that can be expressed as a JSON string.  The
>>> payload needs to be serialized, not as a JSON entity (object, array,
>>> number), because it's going to be input to a signature verification
>>> operation (so it needs to be canonical).  Every JSON string has a unique
>>> representation in UTF-8, so we can use that for anything that can be put
>>> into a string.
>>>
>>
>> So it is just a string that has had control characters escaped
>> (",\,/,backspace, formfeed, newline, carriage return, horizontal tab)
>>
>> This is in sharp contrast to the compact form that takes a JSON object.
>>
>> I have a hard time understanding how this even fits into the WG Charter
>> as your proposal is not transporting JSON. (yes, a JSON string is part of
>> JSON, but it does not have the value proposition that a JSON object has)
>>
>> Am I missing something?
>>
>> -- Dick
>>
>
> Yeah, I think you might be a little confused.  Right now, the payload can
> be any octets -- JSON, UTF-8, EBCDIC, JPEG, QuickTime, whatever. That's
> true for both the JSON and compact serializations. And that's why in
> general, the payload has to be base64-encoded to be able to carry it in
> JSON.
>
> This proposal is just saying that when you have content that can be
> represented as UTF-8 (e.g., JSON or HTML), you don't have to base64 encode
> it, you can just stick it in a JSON string.
>
> --Richard
>
>

v2.36.0 | Report a Bug | By Email | System Status