Re: [jose] signing an existing JWT

Axel Nennker <ignisvulpis@gmail.com> Tue, 30 October 2012 00:10 UTC

An answer not related to the size issue which might be relevant regardless:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

--Axel

2012/10/29 Dick Hardt <dick.hardt@gmail.com>

>
> Let's say we have created a JWE as such:
>
>
> headerOne.encryptedKeyOne.initializationVectorOne.ciphertextOne.integrityVectorOne
>
> This is now the payload to a JWS. Rather than increasing the token size by
> 4/3 by URL safe base 64 encoding the payload (since it is already URL
> safe), it would be useful to have a JWS header parameter that indicates the
> payload was not re-encoded and does not need to be URL safe base 64 decoded.
>
> As there are more periods than expected in a JWS, decoding would ignore
> all periods except the first and last one for separating out the header,
> payload and signature.
>
> The indicating parameter would seem to be either "tip" or "cty". I'm still
> confused about the difference between the two parameters, so not sure which
> one is appropriate.
>
> -- Dick
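
The splitting rule proposed in the quoted message, as an added example that is not part of either post and not taken from any JOSE draft: sign a JWE-shaped string without re-encoding it, then verify by splitting only at the first and last period. The header parameter name `x-raw-payload`, the HS256 key and the sample JWE string are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

RAW_FLAG = "x-raw-payload"  # hypothetical name; the thread settles on none
ALLOWED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(payload: str, key: bytes, raw: bool) -> str:
    header = {"alg": "HS256"}
    if raw:
        # An unencoded payload must already be URL safe (base64url chars and periods).
        if not set(payload) <= ALLOWED:
            raise ValueError("payload is not URL safe")
        header[RAW_FLAG] = True
    body = payload if raw else b64url(payload.encode("ascii"))
    signing_input = b64url(json.dumps(header, separators=(",", ":")).encode()) + "." + body
    return signing_input + "." + b64url(_mac(key, signing_input))

def verify(token: str, key: bytes) -> str:
    # Split on the first and last period only; inner periods belong to the payload.
    head, sep1, rest = token.partition(".")
    body, sep2, sig = rest.rpartition(".")
    if not (sep1 and sep2):
        raise ValueError("not a three-part JWS")
    header = json.loads(b64url_decode(head))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # The MAC covers the exact characters between the outer periods.
    if not hmac.compare_digest(_mac(key, head + "." + body), b64url_decode(sig)):
        raise ValueError("bad signature")
    if header.get(RAW_FLAG) is True:
        return body
    if "." in body:  # without the flag, extra periods are a malformed token
        raise ValueError("period inside encoded payload")
    return b64url_decode(body).decode("ascii")

# Constructed five-part JWE-shaped string (placeholder segments, empty key part).
SAMPLE_JWE = ".".join(b64url(p) for p in (
    b'{"alg":"dir"}', b"", b"iv-constructed", bytes(300), b"tag-constructed"))
KEY = b"constructed-demo-key"
RAW_TOKEN = sign(SAMPLE_JWE, KEY, raw=True)
ENCODED_TOKEN = sign(SAMPLE_JWE, KEY, raw=False)
```

For short payloads the extra header parameter can cost more characters than skipping the second encoding saves, so the size benefit depends on the payload length.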