[jose] JWS Unencoded Payload Option is now RFC 7797

Mike Jones <Michael.Jones@microsoft.com> Fri, 26 February 2016 00:00 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 164A01B37DF for <jose@ietfa.amsl.com>; Thu, 25 Feb 2016 16:00:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vrZv768dGGO0 for <jose@ietfa.amsl.com>; Thu, 25 Feb 2016 16:00:33 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0146.outbound.protection.outlook.com [207.46.100.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C13A41B3777 for <jose@ietf.org>; Thu, 25 Feb 2016 16:00:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=laXK+MFGo1I0kWAj/XCuaUxXS6pF+KUBXG4Qg6nSTf8=; b=OmM0d6gkOd5yw/ggikoI3/LTZmZWvGsOTWsfmEOzcN4cc2ZOVc7U12XiwkYpnxJYtsTvGlXdy/WY8FDBdQhfsBX8An8vB/LVD/UOhto4HnW/ukN5jI1olSGJVGSiGUVgF/+falxFsU6sN9h/GQzo9zYj6iteIQSw1PZx13pOBH0=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB443.namprd03.prod.outlook.com (10.141.141.152) with Microsoft SMTP Server (TLS) id 15.1.409.15; Fri, 26 Feb 2016 00:00:32 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0409.024; Fri, 26 Feb 2016 00:00:32 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: JWS Unencoded Payload Option is now RFC 7797
Thread-Index: AdFwIHF5hLVJoTDSRNKPz7DjpY0qmg==
Date: Fri, 26 Feb 2016 00:00:32 +0000
Message-ID: <BY2PR03MB4427FC32A9BF846E83C3677F5A70@BY2PR03MB442.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8::650]
x-ms-office365-filtering-correlation-id: 0d8348a7-20d7-4fb7-8aa8-08d33e3fd89f
x-microsoft-exchange-diagnostics: 1; BY2PR03MB443; 5:p9d7nlunhqQxb8gfk0Sw3pGwIRvqdXoKDHple+ijDubrhl32PswGZdxDgqKzTn+9q0jIeS/f/bWXkV8jXlVCGZT33LE4fa/OQahvytPNVNMT0XYevZaKtZ/0Tw/jSYSzwK4Vut1iAQY63rxFWJz/Dw==; 24:yNuEpZEBlAUOXhChGfGNb3YnPSqiJZMDSnYAA/tV9keG5/ohyytGySozCBs8P/GpYqEU6t1lrsZNApVr6VBb/7N1p59gPXFE+BVPgoBbFI8=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB443;
x-microsoft-antispam-prvs: <BY2PR03MB443A3C1269A82B18754D231F5A70@BY2PR03MB443.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:BY2PR03MB443; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB443;
x-forefront-prvs: 0864A36BBF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(209900001)(19580395003)(586003)(74316001)(3280700002)(19625215002)(33656002)(5003600100002)(1220700001)(5001960100002)(3660700001)(15975445007)(2906002)(77096005)(2900100001)(10290500002)(450100001)(102836003)(6116002)(790700001)(1096002)(1730700002)(5008740100001)(40100003)(11100500001)(10400500002)(122556002)(8990500004)(2351001)(19300405004)(76576001)(107886002)(92566002)(99286002)(229853001)(5002640100001)(87936001)(19617315012)(10090500001)(110136002)(54356999)(189998001)(50986999)(5005710100001)(5004730100002)(16236675004)(86362001)(2501003)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB443; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB4427FC32A9BF846E83C3677F5A70BY2PR03MB442namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2016 00:00:32.5536 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB443
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/iy_XPswpCB0Kjk0ry_YGKHAUudc>
Subject: [jose] JWS Unencoded Payload Option is now RFC 7797
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 00:00:36 -0000

The JWS Unencoded Payload Option specification is now RFC 7797<http://www.rfc-editor.org/info/rfc7797> - an IETF standard.  The abstract describes the specification as:

JSON Web Signature (JWS) represents the payload of a JWS as a base64url-encoded value and uses this value in the JWS Signature computation. While this enables arbitrary payloads to be integrity protected, some have described use cases in which the base64url encoding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not base64url-encode the payload. This option is intended to broaden the set of use cases for which the use of JWS is a good fit.

This specification updates RFC 7519 by stating that JSON Web Tokens (JWTs) MUST NOT use the unencoded payload option defined by this specification.

This option is used by including the header parameters "b64":false and "crit":["b64"].  JWTs never use this option.

                                                                -- Mike

P.S.  This note was also published at http://self-issued.info/?p=1550 and as @selfissued<https://twitter.com/selfissued>.
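The "b64":false / "crit":["b64"] mechanism from the announcement above, as an added Python example that is not part of the original message, of RFC 7797 itself, or of any JOSE library. It builds the JWS Signing Input both ways (base64url-encoded payload per RFC 7515, and unencoded payload per RFC 7797), signs with HS256 under a constructed demo key, and shows the checks a verifier needs: "b64" must be listed in "crit", unknown critical headers are rejected, an unencoded compact payload must not contain '.', and a JWT verifier rejects the option outright. The function names (sign_compact, verify_compact, rejects) and DEMO_KEY are assumptions for this demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this example only (not an RFC test vector).
DEMO_KEY = b"constructed-demo-key-for-rfc7797-example-0123456789"


def b64url_encode(data: bytes) -> str:
    """BASE64URL without padding, as JWS requires (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(encoded_header: str, payload: bytes, b64: bool) -> bytes:
    """JWS Signing Input as the signer computes it from the raw payload.

    RFC 7515: ASCII(BASE64URL(UTF8(header)) || '.' || BASE64URL(payload))
    RFC 7797: ASCII(BASE64URL(UTF8(header)) || '.') || payload   (when "b64" is false)
    """
    head = encoded_header.encode("ascii") + b"."
    return head + (b64url_encode(payload).encode("ascii") if b64 else payload)


def sign_compact(protected_header: dict, payload: bytes, key: bytes) -> str:
    """Produce an HS256 JWS Compact Serialization (HS256 is the only alg this demo supports)."""
    if protected_header.get("alg") != "HS256":
        raise ValueError("demo supports only HS256")
    b64 = protected_header.get("b64", True)
    if "b64" in protected_header and "b64" not in protected_header.get("crit", []):
        raise ValueError('"b64" must be listed in "crit" (RFC 7797 section 6)')
    if not b64 and b"." in payload:
        # A non-detached unencoded payload would break the three-part split on '.'
        raise ValueError("unencoded compact payload must not contain '.' (RFC 7797 section 5.2)")
    encoded_header = b64url_encode(
        json.dumps(protected_header, separators=(",", ":")).encode("utf-8"))
    # Demo assumption: unencoded payloads are UTF-8 text; binary data belongs in
    # the JSON serialization or a detached payload.
    payload_part = b64url_encode(payload) if b64 else payload.decode("utf-8")
    sig = hmac.new(key, signing_input(encoded_header, payload, b64), hashlib.sha256).digest()
    return ".".join([encoded_header, payload_part, b64url_encode(sig)])


def verify_compact(token: str, key: bytes, expect_jwt: bool = False) -> bytes:
    """Verify an HS256 compact JWS and return the payload bytes; raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact serialization must have exactly three parts")
    encoded_header, payload_part, encoded_sig = parts
    header = json.loads(b64url_decode(encoded_header))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    crit = header.get("crit", [])
    b64 = header.get("b64", True)
    if "b64" in header and "b64" not in crit:
        raise ValueError('"b64" present but not in "crit"')
    for name in crit:
        if name != "b64":  # RFC 7515 section 4.1.11: unknown critical headers are fatal
            raise ValueError(f"unsupported critical header {name!r}")
    if expect_jwt and not b64:
        raise ValueError("JWTs MUST NOT use the unencoded payload option (RFC 7797 updates RFC 7519)")
    # In both modes the second segment is exactly what was signed after the '.':
    # BASE64URL(payload) when b64 is true, the raw payload when it is false.
    si = (encoded_header + "." + payload_part).encode("utf-8")
    expected = hmac.new(key, si, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(encoded_sig)):
        raise ValueError("signature mismatch")
    return payload_part.encode("utf-8") if not b64 else b64url_decode(payload_part)


def rejects(fn) -> bool:
    """True if fn() raises ValueError; used to exercise the negative paths."""
    try:
        fn()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    plain = {"alg": "HS256"}
    unenc = {"alg": "HS256", "b64": False, "crit": ["b64"]}
    print(sign_compact(plain, b"hello-jose", DEMO_KEY))
    print(sign_compact(unenc, b"hello-jose", DEMO_KEY))
    print("dot payload rejected:", rejects(lambda: sign_compact(unenc, b"$.02", DEMO_KEY)))
```

The verifier deliberately derives the signed bytes from the wire form rather than re-encoding a decoded payload, so a non-canonical base64url segment cannot verify against a signature computed over the canonical one.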