Re: [OAUTH-WG] JWS encoding Appendix A

Justin Richer <jricher@mitre.org> Wed, 05 June 2013 13:41 UTC

Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82CE621F9AF9; Wed, 5 Jun 2013 06:41:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.255
X-Spam-Level:
X-Spam-Status: No, score=-5.255 tagged_above=-999 required=5 tests=[AWL=-0.660, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, TRACKER_ID=2.003]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lffP03vkqsXi; Wed, 5 Jun 2013 06:41:11 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 32A5421F9AFB; Wed, 5 Jun 2013 06:41:11 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 625AE1F04AF; Wed, 5 Jun 2013 09:41:10 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 422B31F0269; Wed, 5 Jun 2013 09:41:10 -0400 (EDT)
Received: from [10.146.15.13] (129.83.31.56) by IMCCAS01.MITRE.ORG (129.83.29.78) with Microsoft SMTP Server (TLS) id 14.2.342.3; Wed, 5 Jun 2013 09:41:10 -0400
Message-ID: <51AF3FC6.7080501@mitre.org>
Date: Wed, 5 Jun 2013 09:40:22 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: <Axel.Nennker@telekom.de>
References: <2481701B-912B-4B5B-821C-D86721A4C4C6@adobe.com> <CE8995AB5D178F44A2154F5C9A97CAF40255A5BB872A@HE111541.emea1.cds.t-internal.com>
In-Reply-To: <CE8995AB5D178F44A2154F5C9A97CAF40255A5BB872A@HE111541.emea1.cds.t-internal.com>
Content-Type: multipart/alternative; boundary="------------050000050409010803090807"
X-Originating-IP: [129.83.31.56]
Cc: oauth@ietf.org, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] JWS encoding Appendix A
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2013 13:41:16 -0000

Also, it's the JOSE working group, not OAuth, that's working on JWS. 
I've CC'd that group on this reply, further discussion (if needed) 
should probably take place there.

  -- Justin

On 06/05/2013 09:37 AM, Axel.Nennker@telekom.de wrote:
>
> Antonio,
>
> Please have a look at this
>
> https://code.google.com/p/jsoncrypto/source/browse/trunk/testsrc/org/jsoncrypto/JcBaseTest.java#104
>
> The \r\n is the important.
>
> Please make sure you have this byte representation of the payload.
>
> The following octet sequence contains the UTF-8 representation of the
>
> JWS Header:
>
> [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32,
>
> 34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]
>
> Best regards
>
> Axel
>
> *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On 
> Behalf Of *Antonio Sanso
> *Sent:* Wednesday, June 05, 2013 3:27 PM
> *To:* oauth@ietf.org WG
> *Subject:* [OAUTH-WG] JWS encoding Appendix A
>
> Hi *,
>
> while testing my encoding routine against JWS I spot a difference 
> between my encoding and the one in the spec.
>
> More specifically I am referring to Appendix A.1.1 [0] of the JWS spec.
>
> Now it could easily be that the library I wrote is wrong but it works 
> fine with the encoding in the JWT spec for example.
>
> If somebody would like to give a look just for the record the encoding 
> for the header in the spec looks like \
>
> eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
>
> while for me would look like
>
> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
>
> Same for the payload, spec
>
> eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ
>
> my library
>
> eyJpc3MiOiJqb2UiLCJleHAiOjEzMDA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ
>
> Now the difference is probably given from the fact I did not take care 
> in consideration carriage return in my input.
>
> I am on a huge JSON expert but what is the correct way to handle it?
>
> Regards
>
> Antonio
>
> [0] 
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11#appendix-A.1
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth