[jose] Protocol Action: 'JWS Unencoded Payload Option' to Proposed Standard (draft-ietf-jose-jws-signing-input-options-09.txt)

The IESG <iesg-secretary@ietf.org> Mon, 28 December 2015 14:48 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: jose@ietf.org
Delivered-To: jose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 70C131A0102; Mon, 28 Dec 2015 06:48:08 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20151228144808.9352.46043.idtracker@ietfa.amsl.com>
Date: Mon, 28 Dec 2015 06:48:08 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/eeelrxZ6IZIY18XlH3L_nESKY5Y>
X-Mailman-Approved-At: Mon, 28 Dec 2015 10:44:48 -0800
Cc: jose-chairs@ietf.org, ietf@augustcellars.com, mbj@microsoft.com, Kathleen.Moriarty.ietf@gmail.com, draft-ietf-jose-jws-signing-input-options@ietf.org, jose@ietf.org, rfc-editor@rfc-editor.org, The IESG <iesg@ietf.org>
Subject: [jose] Protocol Action: 'JWS Unencoded Payload Option' to Proposed Standard (draft-ietf-jose-jws-signing-input-options-09.txt)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2015 14:48:08 -0000

The IESG has approved the following document:
- 'JWS Unencoded Payload Option'
  (draft-ietf-jose-jws-signing-input-options-09.txt) as Proposed Standard

This document is the product of the Javascript Object Signing and
Encryption Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   JSON Web Signature (JWS) [RFC 7515] represents the payload as a
   base64url encoded value and uses this value in the Signature
   computation.  While this enables arbitrary payloads to be integrity
  protected, some have described use cases in which the base64url
  encoding is unnecessary and/or an impediment to adoption, especially
  when the payload is large and/or detached.  This specification defines
  an alternate signature computation method that avoids the
  requirement to base64url-encode the payload.

Working Group Summary

  This document defines an alternate method to form the octet string that
  signatures are computed over for a JWS object.  This was the main focus
  of the discussions as it means that there are now potentially two different
  messages, one with and one without base64 encoding, that will have the
  same signature value.  The group believes that this has been adequately
  addressed in the current document.

Document Quality

  The document comes with examples of the new signatures, these examples
  have been validated by a non-author implementation.  A number of people
  have indicated that they are either planning to implement or are
  considering implementing the change in the signature scheme here.  Note
  that the document explicitly states that the JOSN Web Token community is
  not going to take this change.  


  Jim Schaad acted as the Document Shepherd and
  Kathleen Moriarty is the Responsible Area Director.