Re: [jose] "x5c" - JSON Compatible?

John Bradley <ve7jtb@ve7jtb.com> Tue, 13 January 2015 19:49 UTC


Mike,

According to [RFC4648] Section 4 <https://tools.ietf.org/html/rfc4648#section-4>, whitespace characters are not valid base64 encoding characters.

Older PEM specifications required breaking up into lines of 64 characters.   Most base64 decoders ignore whitespace to be backwards compatible, but that doesn't make whitespace valid to produce.

Some software like OpenSSL will need the strings "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" appended and line breaks added for import.

I don't see the text about including line breaks in the current draft 39 Sec 4.7. of JWK.

I think the note about line breaks within values being for display only is all that is needed.

So no whitespace in the value and applications add it if required for importing as a PEM encoded cert.

John B.
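
The handling described in the message above, as an added example that is not part of the original e-mail or of the JOSE drafts: an "x5c" entry is decoded strictly (no whitespace accepted) and the application adds the PEM armor and 64-character line breaks itself. The sample bytes are constructed and stand in for a DER certificate; the function names are assumptions.

```python
import base64
import binascii
import json

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: 100 arbitrary bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(100))
SAMPLE_X5C = base64.b64encode(SAMPLE_DER).decode("ascii")
# The same value folded at 64 characters, as a display-wrapped example would be.
FOLDED_X5C = SAMPLE_X5C[:64] + "\n" + SAMPLE_X5C[64:]


def decode_x5c_entry(value: str) -> bytes:
    """Strictly decode one "x5c" element: standard base64, no whitespace."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # (spaces, CR, LF) instead of silently discarding them.
        return base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"x5c entry is not strict base64: {exc}") from None


def x5c_entry_to_pem(value: str) -> str:
    """Add the PEM armor and 64-character line breaks needed for import."""
    body = base64.b64encode(decode_x5c_entry(value)).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def parses_as_json(text: str) -> bool:
    """True if text is accepted by a conforming JSON parser."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    raw = '{"x5c":["' + FOLDED_X5C + '"]}'           # literal LF inside the string
    escaped = json.dumps({"x5c": [FOLDED_X5C]})      # LF escaped as \n
    print("raw line break parses:    ", parses_as_json(raw))
    print("escaped line break parses:", parses_as_json(escaped))
    print("lenient decoder accepts folded value:",
          base64.b64decode(FOLDED_X5C) == SAMPLE_DER)
    print(x5c_entry_to_pem(SAMPLE_X5C), end="")
```
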

 

On Jan 13, 2015, at 3:33 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> We should add the standard disclaimer “(with line breaks within values for display purposes only)” to the description of the example.
>  
>                                                             -- Mike
>  
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mark Watson
> Sent: Tuesday, January 13, 2015 8:53 AM
> To: Anders Rundgren
> Cc: Richard Barnes; jose@ietf.org
> Subject: Re: [jose] "x5c" - JSON Compatible?
>  
>  
>  
> On Tue, Jan 13, 2015 at 4:13 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> On 2015-01-13 12:35, Richard Barnes wrote:
> 
> 
> On Tuesday, January 13, 2015, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>     The spec claims the following:
> 
>        "Note that since these strings contain base64 encoded
>        (not base64url encoded) values, they are allowed to contain
>        white space and line breaks."
> 
>     Is this really JSON compliant?
> 
>     I didn't interpret the JSON spec in that way and Python and Chrome seem to agree with me.
> 
>     What am I missing here?
> 
> 
> Are you seriously suggesting that JSON strings can't contain white space?
> 
> Control characters have to be escaped, but they can definitely be there.
> 
> JSON.parse('["this is...\\u000A...a string"]')
> 
> Sure, but the example in appendix B wouldn't parse.
> Shouldn't a proper text say that possible line breaks MUST be properly escaped?
>  
> Line breaks in JSON do have to be escaped, either as above or with \r \n. This is clear at www.json.org <http://www.json.org/>.
>  
> …Mark
>  
>  
> 
> Anders
> 
> 
> --Richard
> 
> 
>     Cheers
>     Anders
> 
>     _________________________________________________
>     jose mailing list
>     jose@ietf.org
>     https://www.ietf.org/mailman/listinfo/jose
> 
> 