[jose] #26: Allow for signature payload to not be base64 encoded
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Tue, 25 June 2013 06:09 UTC
Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1CA321F9FB2 for <jose@ietfa.amsl.com>; Mon, 24 Jun 2013 23:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01Sy4blba+PR for <jose@ietfa.amsl.com>; Mon, 24 Jun 2013 23:09:36 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id AB12121F9E96 for <jose@ietf.org>; Mon, 24 Jun 2013 23:09:36 -0700 (PDT)
Received: from localhost ([127.0.0.1]:54253 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UrMRT-0006pX-18; Tue, 25 Jun 2013 08:09:27 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-signature@tools.ietf.org, ietf@augustcellars.com
X-Trac-Project: jose
Date: Tue, 25 Jun 2013 06:09:27 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/26
Message-ID: <061.c2fcfec0a75d48eb8b194991ce56157e@trac.tools.ietf.org>
X-Trac-Ticket-ID: 26
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-signature@tools.ietf.org, ietf@augustcellars.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: mbj@microsoft.com, n-sakimura@nri.co.jp, ve7jtb@ve7jtb.com
Resent-Message-Id: <20130625060936.AB12121F9E96@ietfa.amsl.com>
Resent-Date: Mon, 24 Jun 2013 23:09:36 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: [jose] #26: Allow for signature payload to not be base64 encoded
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2013 06:09:37 -0000
#26: Allow for signature payload to not be base64 encoded Ticket #23 was closed because for signature computation, the header information must be base64 encoded due to security considerations. This is not true for the payload. Payload does need to be restricted to the base64URL character set for the compact encoding, however it does not need to be restricted for the JSON encoding, it is the responsibility of JSON parsers/serializers not to change the encoding of a string field. For detached content, the payload can be binary without any transport problems. For text the content needs to be UTF8 encoded (maybe) but not base64url encoded. For compact messages it might need to be base64url encoded. Applications can and should (when necessary) specify that there is one encoding that needs to be used. However for the general purpose library all that is needed is to say that we are passing in an octet string to be used. A flag/function name choice can easily be used to determine if the passed in value needs to be utf8 encoded or utf8 and base64url encoded. I have put this into my implementation with almost zero effort and it is still very easy to understand for callers. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- ietf@augustcellars.com | signature@tools.ietf.org Type: defect | Status: new Priority: major | Milestone: Component: json-web- | Version: signature | Keywords: Severity: - | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/26> jose <http://tools.ietf.org/jose/>
- [jose] #26: Allow for signature payload to not be… jose issue tracker
- Re: [jose] #26: Allow for signature payload to no… jose issue tracker
- Re: [jose] #26: Allow for signature payload to no… Jim Schaad
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… John Bradley
- Re: [jose] #26: Allow for signature payload to no… n-sakimura
- Re: [jose] #26: Allow for signature payload to no… Jim Schaad
- Re: [jose] #26: Allow for signature payload to no… Jim Schaad
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… Jim Schaad
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… Dick Hardt
- Re: [jose] #26: Allow for signature payload to no… Edmund Jay
- Re: [jose] #26: Allow for signature payload to no… Matias Woloski
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Dick Hardt
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Dick Hardt
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Dick Hardt
- Re: [jose] #26: Allow for signature payload to no… Richard Barnes
- Re: [jose] #26: Allow for signature payload to no… Dick Hardt
- Re: [jose] #26: Allow for signature payload to no… John Bradley
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… Mike Jones
- Re: [jose] #26: Allow for signature payload to no… Manger, James H
- Re: [jose] #26: Allow for signature payload to no… jose issue tracker