[jose] Cleartext JOSE
Samuel Erdtman <samuel@erdtman.se> Mon, 12 March 2018 12:00 UTC
From: Samuel Erdtman <samuel@erdtman.se>
Date: Mon, 12 Mar 2018 13:00:28 +0100
Message-ID: <CAF2hCbb91+EquWnz2T_JQio=kYuAc2wfVCUZ=WLOFknGsUAh8w@mail.gmail.com>
To: jose@ietf.org
Cc: Mike Jones <Michael.Jones@microsoft.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/YQFvjs6sJzVPz3txI-3SHx94Uh8>
Hi,

On and off, the subject of possibly signing JSON without having to base64url encode it first has come up. Different solutions have been proposed, with different levels of strangeness. To address this possibility, Anders Rundgren, Mike Jones, and I have taken some time to write two drafts that propose a solution for Cleartext JWS and JWE (I know it sounds funny with cleartext and encryption). We have worked hard to keep the new documents aligned with the existing JOSE documents, so anyone familiar with existing work will feel right at home with these two new drafts.

Below you can find the document abstracts and examples of how this would look.

https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws

Cleartext JWS

Cleartext JSON Web Signature (JWS) is a means of signing JSON objects directly without representing the JSON to be signed in a non-JSON representation, such as base64url-encoded JSON. The signature and information about the signature is added to the JSON object when it is signed. The signature calculation for signing the JSON object uses the predictable JSON serialization defined in ECMAScript version 6. Cleartext JWS builds on the JWS, JWA, and JWK specifications, reusing data structures and semantics from these specifications, where applicable.

  {
    "iss": "joe",
    "exp": 1300819380,
    "escapeMe": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
    "numbers": [1e+30,4.5,6],
    "__cleartext_signature": {
      "alg": "ES256",
      "kid": "example.com:p256",
      "signature": "pXP0GFHms0SntctNk1G1pHZfccVYdZkmAJktY_hpMsIAckzX7wZJIJNlsBzmJ1_7LmKATiW-YHHZjsYdT96JZw"
    }
  }

https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jwe

Cleartext JWE

Cleartext JSON Web Encryption (JWE) is a means of representing encrypted content as a JSON object without representing JSON values to be integrity protected in a non-JSON representation, such as base64url-encoded JSON. The integrity protection calculation for the authenticated encryption performed uses the predictable JSON serialization defined in ECMAScript version 6. Cleartext JWE builds on the JWE, JWA, and JWK specifications, reusing data structures and semantics from these specifications, where applicable.

  {
    "enc": "A256GCM",
    "alg": "dir",
    "kid": "a256bitkey",
    "iv": "764BCBnN8yMNu1tT",
    "tag": "6miH9pSBzQ-0nImMsvHmyQ",
    "ciphertext": "VZ3Zl0-vuFkZxCGJ_w5Q_SOVJTBVSw"
  }