[jose] Re: Do you need the JWP JSON Serialization?
Brian Campbell <bcampbell@pingidentity.com> Thu, 08 August 2024 17:33 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3260EC180B58 for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 10:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.103
X-Spam-Level:
X-Spam-Status: No, score=-7.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5KeRIm9Awpci for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 10:33:07 -0700 (PDT)
Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B6A7C169407 for <jose@ietf.org>; Thu, 8 Aug 2024 10:33:07 -0700 (PDT)
Received: by mail-oi1-x233.google.com with SMTP id 5614622812f47-3db50abf929so887683b6e.2 for <jose@ietf.org>; Thu, 08 Aug 2024 10:33:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1723138386; x=1723743186; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5dGfv62rKsFEJBTY4wjft4KcaJy1QrhdTT9CKdqcTRA=; b=C84TrsQylB5G7MMHTtIuxl0qld9hyiBg3wgzlptPmnU1I0oAbpEq8zDGxp+tWLNVks uJV6maicnZLimutmLyYBDcj+XdB6Z7tlf3GMX8l2ru6IhKbhYfePNXIRlsrAiz1oAKam 71Bxku0Pe8MCabkWc8WaphacTv0ZAdEHCHQ+FcW6v3Lcwud3k8zsxEgz4QyOyn87yDsy l5WA+eD8k8onLqy3uUEsamlUOpgsgSDJAhdGOog59qogerBEKcLa5iK20+Vdi145WYnp AtRI/bPbwifk4tndQtj6Yi3Mrq+5kAOEA6tLGedDHKkdSxlNr1tuXBlBj6vCfQo2avOS P3VA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723138386; x=1723743186; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5dGfv62rKsFEJBTY4wjft4KcaJy1QrhdTT9CKdqcTRA=; b=hXOMXK9Nk4OM5V8e+bqPGhUDoPYY1zT96ytJkzh3q0rnJ4FvRTuXPUmuNwlyDFpBNs gC7imkkwyePkOXwXfwxIewRktovPIZ8829ajw460fyTeDgB/j4bSdl1K72SNELiqDnes C1lTKfES7wD13AlsPrKAn+PekTE+WeUbfakiMSrTsT0Gdi6Aym79R39y0HZwKvppzDWL ZWaxlZW6y6xiL3kjKo8NPTtvaNfjbZEBnrf4EeyQKcUuxFNMgMijZtuX3SS0e3uikFYI Pjbb4zQOFIviWQs15mSEzaf4bLbCOwqQkjUA1tbOnge/Xt8ulu9YD9OS5iRJWfs5xnZi SlxQ==
X-Gm-Message-State: AOJu0YxSezyaYBATzfM2pW0zbtFWviA4tocGuijpOd6Jz0nMWNINlvDk wc00o5PsCP49PhKTcTvkkekZhqIXeRd6R8Ga4u0B+penbhIguC0h4Lx+gwX08dyXtOpTTGkRUgB PV1Hcwe7EBSHUW1H9WZExHBMoztrNZH05iJysmvMxHF0jT97EtgechZ+0KXghvGZfHAEPykSJHV RxbLZmPGCxN9o8Ujo9B/g=
X-Google-Smtp-Source: AGHT+IF1n4YZj7d2cNW/B+mOz3TQ2IOiZ7pjUpFuXtONbd2sp97JQX7cwOhlI3CZciLt6cFsJyZnXJCqF7wabyH5WMw=
X-Received: by 2002:a05:6808:1450:b0:3d9:384a:3674 with SMTP id 5614622812f47-3dc3b44ca89mr2966927b6e.33.1723138386356; Thu, 08 Aug 2024 10:33:06 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR02MB74391ECC2D8130E1F0994C1AB7BF2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCQNWURoC=PcgNsmqGNhbd0Vpu9ukSwx+ZzJ7zLLS1hckg@mail.gmail.com> <CAN8C-_LYKz2Vg6gDQv3mRX4KsJnESeyc=Af58V_DBiLGV_Hqpg@mail.gmail.com>
In-Reply-To: <CAN8C-_LYKz2Vg6gDQv3mRX4KsJnESeyc=Af58V_DBiLGV_Hqpg@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 08 Aug 2024 11:32:39 -0600
Message-ID: <CA+k3eCSw6+C3Hs3ijsUrO1rVNJbHTt8ggAp6AtcLkgRoH6vVFw@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Content-Type: multipart/alternative; boundary="0000000000006b0ec6061f2f6bcc"
Message-ID-Hash: 7GWYNYGTL7JZC3I3JXQU5KVBWHZEPIKC
X-Message-ID-Hash: 7GWYNYGTL7JZC3I3JXQU5KVBWHZEPIKC
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "jose@ietf.org" <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: Do you need the JWP JSON Serialization?
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/sLAtKmu_bucL7WKGqfQ_lBaT7dU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Thu, Aug 8, 2024 at 11:27 AM Orie Steele <orie@transmute.industries> wrote: <snip> > > If JWTs had unprotected headers, I suspect SD-JWT would have used them for > the mutable part (disclosures). > That suspicion is entirely incorrect. <snip> -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [jose] Do you need the JWP JSON Serialization? Michael Jones
- [jose] Re: Do you need the JWP JSON Serialization? Bret Jordan
- [jose] Re: Do you need the JWP JSON Serialization? Michael Jones
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Carsten Bormann
- [jose] Re: Do you need the JWP JSON Serialization? David Waite
- [jose] Re: Do you need the JWP JSON Serialization? Carsten Bormann
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? David Waite