W3C home > Mailing lists > Public > public-credentials@w3.org > December 2014

Re: JOSE author didn't use JWS. Was: Digital Signatures for Credentials

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 02 Dec 2014 18:57:36 +0100
Message-ID: <547DFD90.8030600@gmail.com>
To: Richard Barnes <rlb@ipv.sx>, Manu Sporny <msporny@digitalbazaar.com>
CC: public-credentials@w3.org
On 2014-12-02 18:20, Richard Barnes wrote:
> When I wrote that, there was no flattened serialization.  I'm currently revising to use JWS.

So ACME will go from:

{
    "type": "certificateRequest",
    "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P",
    "signature": {
      "alg": "RS256",
      "nonce": "h5aYpWVkq-xlJh6cpR-3cw",
      "sig": "KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ",
      "jwk": {
        "kty":"RSA",
        "e":"AQAB",
        "n":"KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ"
      }
    }
}

to:

{
  "payload":"<payload contents>",
  "protected":"<integrity-protected header contents>",
  "header":<non-integrity-protected header contents>,
  "signature":"<signature contents>"
}

That's not so cool (you don't see what it is anymore...), not to mention how poorly
it matches the JSON schema validation ACME seems to use.

JSON Cleartext Signatures rocks :-)

Anders

>
> On Mon, Dec 1, 2014 at 9:02 PM, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
>
>     Richard,
>
>     Quick question for you re: ACME - why did you decide to not use the JWS
>     base64-encoding mechanism in the signature for ACME? Particularly,
>     you've specified multiple canonicalization mechanisms (signature-input).
>
>     The reason I'm asking is because we're trying to get some insight into
>     whether or not the base64-encoded approach should be used when digitally
>     signing credentials in the Credentials Community Group, or if you
>     suggest we specify our own canonicalization mechanism and re-use the JWS
>     alg/nonce/sig fields?
>
>     On 11/28/2014 09:04 AM, Anders Rundgren wrote:
>      > https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md
>      >
>      > {
>      >   "type": "certificateRequest",
>      >   "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P",
>      >   "signature": {
>      >     "alg": "RS256",
>      >     "nonce": "h5aYpWVkq-xlJh6cpR-3cw",
>      >     "sig": "KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ",
>      >     "jwk": {
>      >       "kty":"RSA",
>      >       "e":"AQAB",
>      >       "n":"KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ"
>      >     }
>      >   }
>      > }
>
>     -- manu
>
>     --
>     Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>     Founder/CEO - Digital Bazaar, Inc.
>     blog: The Marathonic Dawn of Web Payments
>     http://manu.sporny.org/2014/dawn-of-web-payments/
>
>
Received on Tuesday, 2 December 2014 17:58:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:21 UTC