[jose] Re: Do you need the JWP JSON Serialization?

Orie Steele <orie@transmute.industries> Wed, 07 August 2024 13:55 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3760C14F689 for <jose@ietfa.amsl.com>; Wed, 7 Aug 2024 06:55:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-SdR_TZiF52 for <jose@ietfa.amsl.com>; Wed, 7 Aug 2024 06:55:39 -0700 (PDT)
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0266AC14F680 for <jose@ietf.org>; Wed, 7 Aug 2024 06:55:33 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-2cb53da06a9so708229a91.0 for <jose@ietf.org>; Wed, 07 Aug 2024 06:55:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1723038933; x=1723643733; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CP7iYj1z99fEP/D5jtmk+3fDxcJ9wd+GnGGRVsUl2Yw=; b=VIPggdS5NX/HtrQF6QJBf23YpRa383L5AN7fxVt+hzUEzWDIeO0ttJlud7LkgOjbkD zFRWbdUdiupX+PM6YeHKPXchjuKfrJ8acj93GHyhfNLjUhj5uNn1gWPLpmFb+FQhr9Ct N7hYp3nL0g9jdlFkczfCBo9s9rY5AM9vp/4+DluEnEFbKWpZC5ScVA/qtDPBMstiegIQ ac/88lacvrJ0Tyfsx6Paas95n1iOdVYEXqf9UoTdbEMBka1eMe9jwriUiAP4/BGNXubQ 5XtkoRFVYhLr0QV01d/UxdaeDa+WJGtEr55Zqjy6TsKHgdK4jnFJitfVuZTlNm4c2HJx ALEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723038933; x=1723643733; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CP7iYj1z99fEP/D5jtmk+3fDxcJ9wd+GnGGRVsUl2Yw=; b=VOaW6gnW4B8P4gQxSzQrobnDC+4Lmpe1Po0J4wBGN1heXAqf87CS7RrjnaiEzhNbJs Lw9sJyoY92v+EXjLgsYcpksCjmC+cDDdJ/xqFZGqoI5Jdo9nn1zqt+XWyATR80T9UnFB 47JTGtJFQpzDIrOipIspKXarPAdOYdM6MUFy7W0oG9GUX+3371USpJ2DFByBLmtU2/P8 1FC5Abev4HTBDA3j8jzCGlwA7wZQZbLCQQU3HSJugy7ykcE3cmyUVnV+vMHDZ8wB5j79 30XwiCgPVv//G4OQ4PQ5qYCfCcMSlFynoarRhN8673nyLKYSRXhXQJMdgsCwJ4ua8Wv9 L7pw==
X-Forwarded-Encrypted: i=1; AJvYcCXsXxEDDbnDbybESa2q3O457W12lDti8b/geGz/5H+MdWPgx452KMOsYNXdcOlGcX7Et4a9EjyiG3vZX2cn
X-Gm-Message-State: AOJu0YxBQf7llZ3hCng63GU/A+L/5u41YzaOH3BJLSTw0OOJjJUJN9S3 78jrbqP67LFxjDwLNz5GETYh19ZUGQj6GSYgYtP7lehyuz43w84x68Bav5iuhhLmYvZFh/cB+Ti byz9+Rb6zZX8Yxkw9MTQNOT1DocTPh82NJE8Yog==
X-Google-Smtp-Source: AGHT+IGiMXAwd1SU8tGDF//GdLKCEJzhx9SIKdilFQ5yfGqyRiXKonOHBdvCyrpLl8EGXb7icY0vY3nEh/ywS50eKCA=
X-Received: by 2002:a17:90b:1d86:b0:2c8:2236:e2c3 with SMTP id 98e67ed59e1d1-2d1b2de6642mr3590783a91.17.1723038933035; Wed, 07 Aug 2024 06:55:33 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR02MB74391ECC2D8130E1F0994C1AB7BF2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+6xXS8_A4_MjkTgT9FotSpQyqqs_doftrdvG045P-1VTAgs6Q@mail.gmail.com> <SJ0PR02MB7439FB0D4FAF496C26DA2324B7B82@SJ0PR02MB7439.namprd02.prod.outlook.com>
In-Reply-To: <SJ0PR02MB7439FB0D4FAF496C26DA2324B7B82@SJ0PR02MB7439.namprd02.prod.outlook.com>
From: Orie Steele <orie@transmute.industries>
Date: Wed, 07 Aug 2024 08:55:22 -0500
Message-ID: <CAN8C-_L1QWtexH9N1mbSMCDFFaJnNoV_6SY-TxaRjLFgPJngMg@mail.gmail.com>
To: Michael Jones <michael_b_jones@hotmail.com>
Content-Type: multipart/alternative; boundary="00000000000089cbb2061f184365"
Message-ID-Hash: AVTCK5JF4FP6QHV44Y4N37LEYGMLCLVD
X-Message-ID-Hash: AVTCK5JF4FP6QHV44Y4N37LEYGMLCLVD
X-MailFrom: orie@transmute.industries
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Bret Jordan <bret.jordan.sdo@gmail.com>, "jose@ietf.org" <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: Do you need the JWP JSON Serialization?
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/fTLxcx9KO0-kkN2g3lFVTlcpzx4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

I would expect the COSE expressions of JWP (CWP ?)... to support
unprotected headers.

Whatever serializations are supported, they should have the same
features... if possible.

If the JWP compact serialization supports unprotected headers / multiple
recipients (probably not a thing for JWP, but is a thing for JWE), then I
don't see a lot of value in specifying a JSON serialization as well.

JSON serializations might be better stored in databases, since the base64
encoded components can often be stored as binary instead of text... but
CBOR would be even better.

That said, it would be nice to have only a single serialization for "JSON",
and single serialization for CBOR, and not 2 for JSON and 1 for CBOR.

Regards,

OS


On Tue, Aug 6, 2024 at 7:26 PM Michael Jones <michael_b_jones@hotmail.com>
wrote:

> Thanks for your view, Bret.  What is your use case?  Specifically, is
> there something you plan to represent as a JWP that you can’t using the
> Compact Serialization?  If so, what?
>
>
>
> Our motivation is to have a single JSON serialization, like JWT does, to
> increase interoperability.
>
>
>
>                                                                 Thanks,
>
>                                                                 -- Mike
>
>
>
> *From:* Bret Jordan <bret.jordan.sdo@gmail.com>
> *Sent:* Tuesday, August 6, 2024 5:14 PM
> *To:* Michael Jones <michael_b_jones@hotmail.com>
> *Cc:* jose@ietf.org
> *Subject:* Re: [jose] Do you need the JWP JSON Serialization?
>
>
>
> Yes, to JSON serialization.
>
>
>
> Thanks
>
> Bret
>
>
>
> On Tue, Aug 6, 2024 at 5:42 PM Michael Jones <michael_b_jones@hotmail.com>
> wrote:
>
> I’m writing to ask whether any of you have a use case that requires the
> JSON Web Proof JSON Serialization? Unless concrete reasons are provided to
> keep it, we propose to make the Compact Serialization the only JSON
> Serialization for JWPs.  This is being tracked at
> https://github.com/ietf-wg-jose/json-web-proof/issues/100.
>
>
>
> Responses saying “I don’t need the JSON Serialization” are also welcomed.
>
>
>
> (A CBOR serialization is planned of course – something we hope to create
> before IETF 121 in Dublin, building on the work to use binary fields values
> in computations that we did prior to Vancouver.)
>
>
>
>                                                                 Thanks,
>
>                                                                 -- Mike &
> DW
>
>
>
> _______________________________________________
> jose mailing list -- jose@ietf.org
> To unsubscribe send an email to jose-leave@ietf.org
>
> _______________________________________________
> jose mailing list -- jose@ietf.org
> To unsubscribe send an email to jose-leave@ietf.org
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>