[jose] #26: Allow for signature payload to not be base64 encoded

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Tue, 25 June 2013 06:09 UTC


#26: Allow for signature payload to not be base64 encoded

 Ticket #23 was closed because for signature computation, the header
 information must be base64 encoded due to security considerations.  This
 is not true for the payload.

 Payload does need to be restricted to the base64URL character set for the
 compact encoding; however, it does not need to be restricted for the JSON
 encoding. It is the responsibility of JSON parsers/serializers not to
 change the encoding of a string field.

 For detached content, the payload can be binary without any transport
 problems.  For text the content needs to be UTF8 encoded (maybe) but not
 base64url encoded.  For compact messages it might need to be base64url
 encoded.

 Applications can and should (when necessary) specify that there is one
 encoding that needs to be used.  However for the general purpose library
 all that is needed is to say that we are passing in an octet string to be
 used.  A flag/function name choice can easily be used to determine if the
 passed in value needs to be utf8 encoded or utf8 and base64url encoded.  I
 have put this into my implementation with almost zero effort and it is
 still very easy to understand for callers.

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-jose-json-web-
  ietf@augustcellars.com |  signature@tools.ietf.org
     Type:  defect       |     Status:  new
 Priority:  major        |  Milestone:
Component:  json-web-    |    Version:
  signature              |   Keywords:
 Severity:  -            |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/26>
jose <http://tools.ietf.org/jose/>
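
An illustration of the flag the ticket describes, added here and not taken from the ticket, the draft, or the reporter's implementation: the header is always base64url encoded in the signing input, while the payload is either encoded or passed through as raw octets. The names `signing_input`, `encode_payload` and `compact`, the HS256 algorithm choice, and the key and payload values are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, re

B64URL_CHARS = re.compile(rb"[A-Za-z0-9_-]*")  # base64url alphabet, no padding

def b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def signing_input(header: dict, payload: bytes, encode_payload: bool = True,
                  compact: bool = False) -> bytes:
    """Octets that get signed: BASE64URL(header) '.' payload-form.

    The header is always base64url encoded. The payload is encoded only when
    encode_payload is set (hypothetical flag name, modelled on the ticket).
    """
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    if encode_payload:
        body = b64url(payload)
    else:
        # Per the ticket, compact encoding restricts a raw payload to the
        # base64url character set; JSON and detached forms do not.
        if compact and not B64URL_CHARS.fullmatch(payload):
            raise ValueError("raw payload not usable in compact encoding")
        body = payload
    return protected + b"." + body

def sign(key: bytes, header: dict, payload: bytes, **mode) -> bytes:
    mac = hmac.new(key, signing_input(header, payload, **mode), hashlib.sha256)
    return b64url(mac.digest())

def verify(key: bytes, header: dict, payload: bytes, signature: bytes, **mode) -> bool:
    # The verifier must rebuild the signing input in the same mode the signer
    # used; a mismatch produces a different MAC and verification fails.
    return hmac.compare_digest(sign(key, header, payload, **mode), signature)

# Constructed sample values, not from the ticket.
KEY = b"constructed-demo-key-not-for-production"
HEADER = {"alg": "HS256"}
TEXT = "d\u00e9tach\u00e9 \u20ac5".encode("utf-8")  # detached text as UTF-8 octets

if __name__ == "__main__":
    sig = sign(KEY, HEADER, TEXT, encode_payload=False)
    print("raw mode verifies:     ", verify(KEY, HEADER, TEXT, sig, encode_payload=False))
    print("encoded mode verifies: ", verify(KEY, HEADER, TEXT, sig, encode_payload=True))
```

Because the two modes sign different octets, signer and verifier have to agree on the mode for a given message, which is the "one encoding" the ticket says applications should specify.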