[jose] Cleartext JOSE

Samuel Erdtman <samuel@erdtman.se> Mon, 12 March 2018 12:00 UTC

From: Samuel Erdtman <samuel@erdtman.se>
Date: Mon, 12 Mar 2018 13:00:28 +0100
Message-ID: <CAF2hCbb91+EquWnz2T_JQio=kYuAc2wfVCUZ=WLOFknGsUAh8w@mail.gmail.com>
To: jose@ietf.org
Cc: Mike Jones <Michael.Jones@microsoft.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/YQFvjs6sJzVPz3txI-3SHx94Uh8>

Hi

On and off, the subject of possibly signing JSON without having to
base64url encode it first has come up. Different solutions have been
proposed, with different levels of strangeness. To address this
possibility, Anders Rundgren, Mike Jones, and I have taken some time to
write two drafts that propose a solution for Cleartext JWS and JWE (I know
it sounds funny with cleartext and encryption). We have worked hard to keep
the new documents aligned with the existing JOSE documents, so anyone
familiar with existing work will feel right at home with these two new
drafts. Below you can find the document abstracts and examples of how this
would look.

https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws

*Cleartext JWS*

Cleartext JSON Web Signature (JWS) is a means of signing JSON objects
directly without representing the JSON to be signed in a non-JSON
representation, such as base64url-encoded JSON.  The signature and
information about the signature is added to the JSON object when it is
signed.  The signature calculation for signing the JSON object uses the
predictable JSON serialization defined in ECMAScript version 6.  Cleartext
JWS builds on the JWS, JWA, and JWK specifications, reusing data structures
and semantics from these specifications, where applicable.

{
  "iss": "joe",
  "exp": 1300819380,
  "escapeMe": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
  "numbers": [1e+30,4.5,6],
  "__cleartext_signature": {
    "alg": "ES256",
    "kid": "example.com:p256",
    "signature": "pXP0GFHms0SntctNk1G1pHZfccVYdZkmAJktY_hpMsIAckzX7wZJIJNlsBzmJ1_7LmKATiW-YHHZjsYdT96JZw"
  }
}

https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jwe

*Cleartext JWE*

Cleartext JSON Web Encryption (JWE) is a means of representing encrypted
content as a JSON object without representing JSON values to be integrity
protected in a non-JSON representation, such as base64url-encoded JSON.  The
integrity protection calculation for the authenticated encryption performed
uses the predictable JSON serialization defined in ECMAScript version 6.
Cleartext JWE builds on the JWE, JWA, and JWK specifications, reusing data
structures and semantics from these specifications, where applicable.

{
  "enc": "A256GCM",
  "alg": "dir",
  "kid": "a256bitkey",
  "iv": "764BCBnN8yMNu1tT",
  "tag": "6miH9pSBzQ-0nImMsvHmyQ",
  "ciphertext": "VZ3Zl0-vuFkZxCGJ_w5Q_SOVJTBVSw"
}