[jose] #24: Move JWS headers into signature block

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Tue, 11 June 2013 20:23 UTC

#24: Move JWS headers into signature block

 The JWS JSON serialization currently has a header and protected header at
 the top level and at the per-signature level.  The ones at the top level
 are unnecessary, since every signer can do things differently, and each
 can choose to sign different attributes.  So both protected and
 unprotected headers should move into the "signatures" objects.

 OLD:
 """
      {"protected":"<integrity-protected shared header contents>",
       "unprotected":"<non-integrity-protected shared header contents>",
       "payload":"<payload contents>",
       "signatures":[
        {"header":"<per-signature unprotected header 1 contents>",
         "signature":"<signature 1 contents>"},
        ...
        {"header":"<per-signature unprotected header N contents>",
         "signature":"<signature N contents>"}]
      }
 """

 NEW:
 """
      {
       "payload":"<payload contents>",
       "signatures":[
        {"header":"<per-signature unprotected header 1 contents>",
         "protected":"<per-signature protected header 1 contents>",
         "signature":"<signature 1 contents>"},
        ...
        {"header":"<per-signature unprotected header N contents>",
         "protected":"<per-signature protected header N contents>",
         "signature":"<signature N contents>"}]
      }
 """

 This makes the compact form equivalent to:

 {
     "payload": "<JWS Encoded Payload>",
     "signatures": [{
         "protected": "<JWS Encoded Header>",
         "signature": "<JWS Signature Value>"
     }]
 }

 It also makes detached signatures natural, since you can just take the
 object out of the signatures array.

-- 
--------------------------------+---------------------------------------------------------------
 Reporter:  rlb@ipv.sx          |      Owner:  draft-ietf-jose-json-web-signature@tools.ietf.org
     Type:  defect              |     Status:  new
 Priority:  major               |  Milestone:
Component:  json-web-signature  |    Version:
 Severity:  -                   |   Keywords:
--------------------------------+---------------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/24>
jose <http://tools.ietf.org/jose/>
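
The layout proposed in the ticket, as an added example that is not part of the original message or of any JOSE draft: each object in "signatures" carries its own protected header, so it can be verified alone, detached from the array, or folded into the compact form. Assumptions: HS256 as the algorithm, a signing input of `<protected>.<payload>` as in the compact form, constructed keys and payload, and hypothetical function names.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_entry(payload_b64: str, protected: dict, key: bytes, header=None) -> dict:
    """Build one per-signature object; the MAC covers only protected + payload."""
    prot_b64 = b64u(json.dumps(protected, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{prot_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    entry = {"protected": prot_b64, "signature": b64u(mac)}
    if header is not None:
        entry["header"] = header          # unprotected: carried along, not signed
    return entry

def verify_entry(payload_b64: str, entry: dict, key: bytes) -> bool:
    """Verify one signature object on its own, trusting only its protected header."""
    try:
        protected = json.loads(b64u_dec(entry["protected"]))
    except (KeyError, ValueError):
        return False
    if not isinstance(protected, dict) or protected.get("alg") != "HS256":
        return False                      # never take "alg" from the unprotected header
    mac = hmac.new(key, f"{entry['protected']}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64u(mac).encode(), str(entry.get("signature", "")).encode())

def compact_to_json(compact: str) -> dict:
    prot_b64, payload_b64, sig_b64 = compact.split(".")
    return {"payload": payload_b64,
            "signatures": [{"protected": prot_b64, "signature": sig_b64}]}

def json_to_compact(jws: dict) -> str:
    (entry,) = jws["signatures"]          # compact form carries exactly one signature
    if "header" in entry:
        raise ValueError("compact form has no place for an unprotected header")
    return ".".join([entry["protected"], jws["payload"], entry["signature"]])

# Constructed sample data: two signers with their own keys and protected headers.
KEY_A, KEY_B = b"constructed-key-for-signer-A", b"constructed-key-for-signer-B"
PAYLOAD = b64u(b'{"msg":"constructed sample payload"}')
JWS = {"payload": PAYLOAD, "signatures": [
    sign_entry(PAYLOAD, {"alg": "HS256", "kid": "a"}, KEY_A, header={"note": "unsigned"}),
    sign_entry(PAYLOAD, {"alg": "HS256", "kid": "b"}, KEY_B)]}
DETACHED_B = dict(JWS["signatures"][1])   # "take the object out of the signatures array"
```

Because `verify_entry` reads `alg` only from the protected header, changing the unprotected "header" member neither breaks the signature nor influences how it is checked.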