Any feedback ?
2015-07-27 12:40 GMT+02:00 Romain Fliedel <[email protected]>:
> Hi,
>
> I've been reading the spec, and I don't really understand why the reply to
> validation challenges is not designed the same way as other api. If I
> understand the spec correctly, instead of sending a JWS reply, the jws is
> embedded in a json object containing 'type' and 'validation'.
>
> For example the dvsni challenge response is :
> {
> "type": "dvsni',
> "validation": {
> "header": { "alg": "HS256" },
> "payload": "qzu9...6bjn",
> "signature": "xxxxxxxxxxxxxxxxxx"
> }
> }
>
> Why don't use a regular JWS as body for this challenge reply ?
> In that case the reply would be:
> {
> "signature": "xxxxxxxxxxxxxxxxxxx",
> "protected": "eyJub25jZ...In0",
> "header": {
> "alg": "RS256",
> "jwk": {
> "kty": "RSA",
> "n": "ox33_lEk....Eg9zM",
> "e": "AQAB"
> }
> },
> "payload": /* in cleartext for readability */ {
> "type": "dvsni",
> "token": "fgf...gfdg"
> }
> }
>
> Also for the dns challenge I don't understand why there is
> "clientPublicKey" attribute in the reply.
> Still regarding dns challenge I am concerned about the length of the
> "signature" generated when RS256 is used to sign the JWS object with a 4096
> bits key. It will then exceed the maximum txt record length. maybe using a
> hash of this signature would solve this ?
>
>
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
