[jose] Last Call: <draft-ietf-jose-jws-signing-input-options-06.txt> (JWS Unencoded Payload Option) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Wed, 25 November 2015 15:10 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: jose@ietf.org
Delivered-To: jose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 30D5D1B2DE6; Wed, 25 Nov 2015 07:10:29 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20151125151029.15437.49702.idtracker@ietfa.amsl.com>
Date: Wed, 25 Nov 2015 07:10:29 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/aVhbYWByTW7o_KLJVCxICr7wigg>
Cc: jose-chairs@ietf.org, ietf@augustcellars.com, mbj@microsoft.com, Kathleen.Moriarty.ietf@gmail.com, draft-ietf-jose-jws-signing-input-options@ietf.org, jose@ietf.org
Subject: [jose] Last Call: <draft-ietf-jose-jws-signing-input-options-06.txt> (JWS Unencoded Payload Option) to Proposed Standard
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 15:10:29 -0000
The IESG has received a request from the Javascript Object Signing and Encryption WG (jose) to consider the following document: - 'JWS Unencoded Payload Option' <draft-ietf-jose-jws-signing-input-options-06.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-12-09. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract JSON Web Signature (JWS) represents the payload of a JWS as a base64url encoded value and uses this value in the JWS Signature computation. While this enables arbitrary payloads to be integrity protected, some have described use cases in which the base64url encoding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not base64url- encode the payload. This option is intended to broaden the set of use cases for which the use of JWS is a good fit. This specification updates RFC 7519 by prohibiting the use of the unencoded payload option in JSON Web Tokens (JWTs). The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/ballot/ No IPR declarations have been submitted directly on this I-D.