Re: [jose] At a glance: JWS vs "in-object" ES6/JSON signatures
"Jim Schaad" <ietf@augustcellars.com> Thu, 29 October 2015 11:50 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 896131B2DB5 for <jose@ietfa.amsl.com>; Thu, 29 Oct 2015 04:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qb-FxOfSCXzP for <jose@ietfa.amsl.com>; Thu, 29 Oct 2015 04:50:44 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C4621B2DAE for <jose@ietf.org>; Thu, 29 Oct 2015 04:50:43 -0700 (PDT)
Received: from hebrews (unknown [104.129.198.111]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id 5A9E238F26; Thu, 29 Oct 2015 04:50:42 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Anders Rundgren' <anders.rundgren.net@gmail.com>, jose@ietf.org
References: <5631BF2A.70109@gmail.com>
In-Reply-To: <5631BF2A.70109@gmail.com>
Date: Thu, 29 Oct 2015 04:47:54 -0700
Message-ID: <007201d1123f$a68579e0$f3906da0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
thread-index: AQHwtP3moY6/6CATtR0qnpcHwX9xkp5DFQ4g
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/d52XHgg2Ub8qEbruxvv3WAHeclA>
Subject: Re: [jose] At a glance: JWS vs "in-object" ES6/JSON signatures
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2015 11:50:45 -0000
Is there any reason to believe that other JSON libraries are going to implement the ES6 standard? For example, what should one expect either a hand rolled version or a C# version do? > -----Original Message----- > From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Anders Rundgren > Sent: Wednesday, October 28, 2015 11:40 PM > To: jose@ietf.org > Subject: [jose] At a glance: JWS vs "in-object" ES6/JSON signatures > > ES6-compliant in-object JS/JSON signature: > > var inObjectSignedData = > { > // Object data expressed as JS properties > "device": "Pump2", > "value": 1e-18, > > // Object signature > "signature": { > ...Protected headers + Signature value expressed as JS properties... > } > }; > > JavaScript's JSON.parse() and JSON.stringify() suffice for "canonicalization" > purposes. > > > Converting the above to JWS JSON Serialization you would get: > > var signedData = > { > // Object data in a coded format > "payload":"<payload contents>", > > // Protected headers wrapped in Base64URL > "protected":"<integrity-protected header contents>", > > // Signature in a unique format > "signature":"<signature contents>" > } > > ES6 was released in June 2015 so this opportunity is actually quite new. > > Cheers, > Anders > > http://webpki.org/ietf/draft-rundgren-predictable-serialization-for-json-too ls- > 00.html#rfc.section.3.3 > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] At a glance: JWS vs "in-object" ES6/JSON s… Anders Rundgren
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Mike Jones
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Mike Jones
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Anders Rundgren
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Mark Watson
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Anders Rundgren
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Jim Schaad
- Re: [jose] At a glance: JWS vs "in-object" ES6/JS… Anders Rundgren