- From: Richard Barnes <rlb@ipv.sx>
- Date: Tue, 2 Dec 2014 10:09:05 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
- Message-ID: <CAL02cgQ-SXxo3D=XEFOsjsnBo7DVrh3y+9f_dEHmmoo07mz3MA@mail.gmail.com>
Human-readability is only a very minor part of the objectives here. Base64
deserialization is not a major issue.

On Tue, Dec 2, 2014 at 9:57 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> On 2014-12-02 18:20, Richard Barnes wrote:
>
>> When I wrote that, there was no flattened serialization. I'm currently
>> revising to use JWS.
>
> So ACME will go from:
>
> {
>   "type": "certificateRequest",
>   "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P",
>   "signature": {
>     "alg": "RS256",
>     "nonce": "h5aYpWVkq-xlJh6cpR-3cw",
>     "sig": "KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ",
>     "jwk": {
>       "kty":"RSA",
>       "e":"AQAB",
>       "n":"KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ"
>     }
>   }
> }
>
> to:
>
> {
>   "payload":"<payload contents>",
>   "protected":"<integrity-protected header contents>",
>   "header":<non-integrity-protected header contents>,
>   "signature":"<signature contents>"
> }
>
> That's not so cool (you don't see what it is anymore...), not to mention
> how poorly it matches the JSON schema validation ACME seems to use.
>
> JSON Cleartext Signatures rocks :-)
>
> Anders
>
>> On Mon, Dec 1, 2014 at 9:02 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>>
>> Richard,
>>
>> Quick question for you re: ACME - why did you decide to not use the JWS
>> base64-encoding mechanism in the signature for ACME? Particularly,
>> you've specified multiple canonicalization mechanisms (signature-input).
>>
>> The reason I'm asking is because we're trying to get some insight into
>> whether or not the base64-encoded approach should be used when digitally
>> signing credentials in the Credentials Community Group, or if you
>> suggest we specify our own canonicalization mechanism and re-use the JWS
>> alg/nonce/sig fields?
>>
>> On 11/28/2014 09:04 AM, Anders Rundgren wrote:
>> > https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md
>> >
>> > {
>> >   "type": "certificateRequest",
>> >   "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P",
>> >   "signature": {
>> >     "alg": "RS256",
>> >     "nonce": "h5aYpWVkq-xlJh6cpR-3cw",
>> >     "sig": "KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ",
>> >     "jwk": {
>> >       "kty":"RSA",
>> >       "e":"AQAB",
>> >       "n":"KxITJ0rNlfDMAtfDr8eAw...fSSoehDFNZKQKzTZPtQ"
>> >     }
>> >   }
>> > }
>>
>> -- manu
>>
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: The Marathonic Dawn of Web Payments
>> http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Tuesday, 2 December 2014 18:09:33 UTC
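
Added example, not part of the original thread or of the ACME draft: the flattened JWS JSON serialization quoted above, built and verified with the Python standard library, showing which members the signature actually covers. It assumes HS256 with a constructed key in place of the thread's RS256 (so no RSA library is needed); placing `nonce` in the protected header and the `kid` values are likewise assumptions.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
REQUEST = {"type": "certificateRequest", "csr": "5jNudRx6Ye4HzKEqT5...FS6aKdZeGsysoCo4H9P"}

def b64url(data: bytes) -> str:
    """base64url without padding, as JWS uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_flattened(payload: dict, protected: dict, header: dict, key: bytes) -> dict:
    p = b64url(json.dumps(protected, separators=(",", ":")).encode())
    m = b64url(json.dumps(payload, separators=(",", ":")).encode())
    # The signing input is BASE64URL(protected) "." BASE64URL(payload); "header" is not in it.
    sig = hmac.new(key, f"{p}.{m}".encode("ascii"), hashlib.sha256).digest()
    return {"payload": m, "protected": p, "header": header, "signature": b64url(sig)}

def verify_flattened(jws: dict, key: bytes):
    """Return the decoded payload if the signature verifies, else None."""
    try:
        protected = json.loads(b64url_decode(jws["protected"]))
        # Read alg only from the protected header and pin it to the expected value.
        if protected.get("alg") != "HS256":
            return None
        signing_input = f'{jws["protected"]}.{jws["payload"]}'.encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
            return None
        return json.loads(b64url_decode(jws["payload"]))
    except (KeyError, ValueError, TypeError, AttributeError):
        return None

def demo():
    """Verify the object as signed, then with each member altered after signing."""
    protected = {"alg": "HS256", "nonce": "h5aYpWVkq-xlJh6cpR-3cw"}
    jws = sign_flattened(REQUEST, protected, {"kid": "demo"}, KEY)
    untouched = verify_flattened(jws, KEY)
    header_changed = verify_flattened({**jws, "header": {"kid": "other"}}, KEY)
    other_payload = b64url(json.dumps({**REQUEST, "csr": "swapped"}).encode())
    payload_changed = verify_flattened({**jws, "payload": other_payload}, KEY)
    other_protected = b64url(json.dumps({"alg": "HS256", "nonce": "other"}).encode())
    protected_changed = verify_flattened({**jws, "protected": other_protected}, KEY)
    return untouched, header_changed, payload_changed, protected_changed
```

`demo()` returns the decoded request for the untouched object and for the one whose `header` was changed, and `None` for the altered `payload` and `protected` cases, so a verifier should base no security decision on the unprotected `header` member.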