Re: [jose] "x5c" - JSON Compatible?
John Bradley <ve7jtb@ve7jtb.com> Tue, 13 January 2015 21:50 UTC
To: Michael Jones <Michael.Jones@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/KEyBEiFZDj4LHHuSPfUdf_igbi8>
Cc: "jose@ietf.org" <jose@ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>

Yes, that conflicts with the correct definition of x5c in JWK.

John B.

> On Jan 13, 2015, at 6:15 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>
> Then we also need to delete this sentence in http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-39#appendix-B, since it’s incorrect:
>
>    Note that since these strings contain
>    base64 encoded (not base64url encoded) values, they are allowed to
>    contain white space and line breaks.
>
> Thanks for the last-minute catch!
>
> -- Mike
>
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Tuesday, January 13, 2015 11:50 AM
> To: Mike Jones
> Cc: Anders Rundgren; jose@ietf.org
> Subject: Re: [jose] "x5c" - JSON Compatible?
>
> Mike,
>
> According to [RFC4648] Section 4 <https://tools.ietf.org/html/rfc4648#section-4> whitespace characters are not valid base64 encoding characters.
>
> Older PEM specifications required breaking up into lines of 64 characters. Most base64 decoders ignore whitespace to be backwards compatible, but that doesn't make whitespace valid to produce.
>
> Some software like OpenSSL will need the strings "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" appended and line breaks added for import.
>
> I don't see the text about including line breaks in the current draft 39 Sec 4.7. of JWK.
>
> I think the note about line breaks within values being for display only is all that is needed.
>
> So no whitespace in the value and applications add it if required for importing as a PEM encoded cert.
>
> John B.
>
> On Jan 13, 2015, at 3:33 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>
> We should add the standard disclaimer “(with line breaks within values for display purposes only)” to the description of the example.
>
> -- Mike
>
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mark Watson
> Sent: Tuesday, January 13, 2015 8:53 AM
> To: Anders Rundgren
> Cc: Richard Barnes; jose@ietf.org
> Subject: Re: [jose] "x5c" - JSON Compatible?
>
> On Tue, Jan 13, 2015 at 4:13 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> On 2015-01-13 12:35, Richard Barnes wrote:
>
> On Tuesday, January 13, 2015, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
> The spec claims the following:
>
> "Note that since these strings contain base64 encoded
> (not base64url encoded) values, they are allowed to contain
> white space and line breaks."
>
> Is this really JSON compliant?
>
> I didn't interpret the JSON spec in that way and Python and Chrome seem to agree with me.
>
> What am I missing here?
>
> Are you seriously suggesting that JSON strings can't contain white space?
>
> Control characters have to be escaped, but they can definitely be there.
>
> JSON.parse('["this is...\\u000A...a string"]')
>
> Sure, but the example in appendix B wouldn't parse.
> Shouldn't a proper text say that possible line-breaks MUST be properly escaped?
>
> Line breaks in JSON do have to be escaped, either as above or with \r \n. This is clear at www.json.org <http://www.json.org/>.
>
> …Mark
>
> Anders
>
> --Richard
>
> Cheers
> Anders
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
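
The behaviour discussed in this thread, as an added example that is not part of the original messages: a raw line break inside a JSON string fails to parse, an escaped one parses but leaves an "x5c" value that is not RFC 4648 Section 4 base64, and the consumer adds the PEM header, footer and 64-character line breaks itself when an importer needs them. The helper names and the 100-byte stand-in for a DER certificate are constructed for the illustration.

```javascript
// Added example: helper names and sample data are constructed, not from the JOSE drafts.
// RFC 4648 Section 4 alphabet, groups of four, correct padding, no whitespace.
const STRICT_B64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function isStrictBase64(s) {
  return typeof s === 'string' && s.length > 0 && STRICT_B64.test(s);
}

// Parse a JWK and return its "x5c" array, rejecting lenient base64.
function parseJwkX5c(text) {
  const jwk = JSON.parse(text); // throws SyntaxError on raw control characters in strings
  if (!Array.isArray(jwk.x5c) || jwk.x5c.length === 0) {
    throw new Error('x5c missing or empty');
  }
  jwk.x5c.forEach((v, i) => {
    if (!isStrictBase64(v)) throw new Error(`x5c[${i}] is not strict base64`);
  });
  return jwk.x5c;
}

// Wrap one x5c value as PEM for importers that expect armor and 64-char lines.
function x5cToPem(b64) {
  if (!isStrictBase64(b64)) throw new Error('not strict base64');
  const lines = b64.match(/.{1,64}/g);
  return ['-----BEGIN CERTIFICATE-----', ...lines, '-----END CERTIFICATE-----', ''].join('\n');
}

// Report how a JWK text is handled: 'ok' or the error that rejected it.
function tryParse(text) {
  try { parseJwkX5c(text); return 'ok'; } catch (e) { return `${e.name}: ${e.message}`; }
}

// Constructed sample: 100 arbitrary bytes standing in for a DER certificate.
const sampleDer = Buffer.from(Array.from({ length: 100 }, (_, i) => (i * 7) & 0xff));
const sampleB64 = sampleDer.toString('base64'); // 136 characters, no whitespace
const wrapped = (sep) => sampleB64.slice(0, 64) + sep + sampleB64.slice(64);

const good = JSON.stringify({ kty: 'RSA', x5c: [sampleB64] });
// Raw line break inside the string, as in a display-wrapped example copied verbatim.
const rawBreak = good.replace(sampleB64, wrapped('\n'));
// Escaped line break: valid JSON, but the decoded value contains whitespace.
const escapedBreak = good.replace(sampleB64, wrapped('\\n'));

console.log('good        ->', tryParse(good));
console.log('rawBreak    ->', tryParse(rawBreak));
console.log('escapedBreak->', tryParse(escapedBreak));
console.log(x5cToPem(sampleB64));
```
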