- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 13 Apr 2017 19:25:35 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
On 2017-04-13 19:00, Manu Sporny wrote:
> On 04/12/2017 08:51 PM, Kim Hamilton wrote:
>> It might make sense to roll this into the existing Signature Format
>> Alignment topic, in which case the Blockcerts scenario can serve as
>> a case study.
>
> Great paper, Kim. Yes, please, let's fold it into the Signature Format
> Alignment discussion. We have lots to talk about at RWoT4 next week in
> Paris.

Talking about signature format alignment, you may be interested in a renewed effort making clear text JSON/JavaScript signatures more "JOSE-compliant". It is just one page which also holds a signature validator:
https://cyberphone.github.io/doc/research/jwa.jwk.es6-signature.html

Using detached JWS signatures as has been suggested seems to me like a pretty odd solution. Either you have a canonicalization method that works (and apply that to all data), or you don't.

I haven't found a single problem with creating signature containers, while accessing crypto has been anything but easy. Node.js, for example, uses PEM files (!) for key material, which requires ASN.1 decode/encode to translate it back and forth in JWK format. Yuck! Therefore I found that reusing JOSE JWK and JWA (Algorithms) would "combine the best of two worlds" :-)

BTW, signing JSON and signing RDF normalization serve different purposes and do not combine too well. In a "pure" JSON-signing scheme like above, the result of RDF normalization could be provided in a specific element as a hash.

Anders

>
> Looking forward to it!
>
> -- manu
>
Received on Thursday, 13 April 2017 17:26:12 UTC