W3C home > Mailing lists > Public > public-credentials@w3.org > November 2014

JOSE author didn't use JWS. Was: Digital Signatures for Credentials

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 28 Nov 2014 15:04:19 +0100
Message-ID: <547880E3.1070606@gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>, Harry Halpin <hhalpin@w3.org>, public-credentials@w3.org, St├ęphane Boyera <boyera@w3.org>
It is likely that Richard Barnes who is one of the JOSE people will be
forced changing his specification [1] but this one published September 2014
is probably identical to the JCS (JSON Cleartext Signature) specification
with the exception that keys are expressed as JWKs:

https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md

That is, hiding the actual message in Base64 isn't really that "appetizing"
which is what I have been saying all the time...

{
   "type": "certificateRequest",
   "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P",
   "signature": {
     "alg": "RS256",
     "nonce": "h5aYpWVkq-xlJh6cpR-3cw",
     "sig": "KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ",
     "jwk": {
       "kty":"RSA",
       "e":"AQAB",
       "n":"KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ"
     }
   }
}

Anders

1] Being a non-conformist in a standards context is difficult, I know :-) :-)
Received on Friday, 28 November 2014 14:04:52 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:21 UTC