[jose] Last Call: <draft-ietf-jose-jws-signing-input-options-06.txt> (JWS Unencoded Payload Option) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 25 November 2015 15:10 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: jose@ietf.org
Delivered-To: jose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 30D5D1B2DE6; Wed, 25 Nov 2015 07:10:29 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
Message-ID: <20151125151029.15437.49702.idtracker@ietfa.amsl.com>
Date: Wed, 25 Nov 2015 07:10:29 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/aVhbYWByTW7o_KLJVCxICr7wigg>
Cc: jose-chairs@ietf.org, ietf@augustcellars.com, mbj@microsoft.com, Kathleen.Moriarty.ietf@gmail.com, draft-ietf-jose-jws-signing-input-options@ietf.org, jose@ietf.org
Subject: [jose] Last Call: <draft-ietf-jose-jws-signing-input-options-06.txt> (JWS Unencoded Payload Option) to Proposed Standard
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 15:10:29 -0000

The IESG has received a request from the Javascript Object Signing and
Encryption WG (jose) to consider the following document:
- 'JWS Unencoded Payload Option'
  <draft-ietf-jose-jws-signing-input-options-06.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-12-09. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.


   JSON Web Signature (JWS) represents the payload of a JWS as a
   base64url encoded value and uses this value in the JWS Signature
   computation.  While this enables arbitrary payloads to be integrity
   protected, some have described use cases in which the base64url
   encoding is unnecessary and/or an impediment to adoption, especially
   when the payload is large and/or detached.  This specification
   defines a means of accommodating these use cases by defining an
   option to change the JWS Signing Input computation to not base64url-
   encode the payload.  This option is intended to broaden the set of
   use cases for which the use of JWS is a good fit.

   This specification updates RFC 7519 by prohibiting the use of the
   unencoded payload option in JSON Web Tokens (JWTs).

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.