On Wed, Jul 29, 2015 at 2:27 AM, Romain Fliedel <[email protected]> wrote:

> Any feedback ?
>
> Why would you want the token to be in cleartext? Ted
>
> 2015-07-27 12:40 GMT+02:00 Romain Fliedel <[email protected]>:
>
>> Hi,
>>
>> I've been reading the spec, and I don't really understand why the reply
>> to validation challenges is not designed the same way as the other APIs. If I
>> understand the spec correctly, instead of sending a JWS reply, the JWS is
>> embedded in a JSON object containing 'type' and 'validation'.
>>
>> For example the dvsni challenge response is:
>>
>> {
>>   "type": "dvsni",
>>   "validation": {
>>     "header": { "alg": "HS256" },
>>     "payload": "qzu9...6bjn",
>>     "signature": "xxxxxxxxxxxxxxxxxx"
>>   }
>> }
>>
>> Why not use a regular JWS as the body for this challenge reply?
>> In that case the reply would be:
>>
>> {
>>   "signature": "xxxxxxxxxxxxxxxxxxx",
>>   "protected": "eyJub25jZ...In0",
>>   "header": {
>>     "alg": "RS256",
>>     "jwk": {
>>       "kty": "RSA",
>>       "n": "ox33_lEk....Eg9zM",
>>       "e": "AQAB"
>>     }
>>   },
>>   "payload": /* in cleartext for readability */ {
>>     "type": "dvsni",
>>     "token": "fgf...gfdg"
>>   }
>> }
>>
>> Also, for the dns challenge I don't understand why there is a
>> "clientPublicKey" attribute in the reply.
>> Still regarding the dns challenge, I am concerned about the length of the
>> "signature" generated when RS256 is used to sign the JWS object with a 4096-bit
>> key. It will then exceed the maximum TXT record length. Maybe using a
>> hash of this signature would solve this?
>>
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
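The two points raised in the quoted mail, a challenge reply carried as a regular flattened JWS and the size of an RS256 signature against the DNS TXT limit, worked through as an added example (not code from the thread or from any ACME implementation). It signs with HS256 over a constructed shared key only so that it runs with the standard library; the thread assumes RS256 with the account key, and the length calculation below is for that case.

```python
import base64
import hashlib
import hmac
import json
import math
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def flattened_jws(payload: dict, key: bytes, nonce: str) -> dict:
    """Challenge reply as a flattened-JSON JWS: protected header, payload, signature.
    HS256 (HMAC-SHA256) is used here as a stand-in for RS256 so no crypto library is needed."""
    protected = b64url(json.dumps({"alg": "HS256", "nonce": nonce}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{protected}.{body}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return {"protected": protected, "payload": body, "signature": b64url(sig)}


def verify_flattened_jws(jws: dict, key: bytes) -> Optional[dict]:
    """Return the decoded payload if the signature checks out, else None."""
    signing_input = f"{jws['protected']}.{jws['payload']}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
        return None
    return json.loads(b64url_decode(jws["payload"]))


# RFC 1035: each <character-string> inside a TXT RDATA is at most 255 octets.
DNS_TXT_STRING_MAX = 255


def b64url_len(n_bytes: int) -> int:
    """Length of the unpadded base64url encoding of n_bytes."""
    return math.ceil(n_bytes * 4 / 3)


def rs256_signature_txt_len(key_bits: int) -> int:
    """An RSA PKCS#1 v1.5 signature is exactly the modulus size in bytes."""
    return b64url_len(key_bits // 8)


def sha256_digest_txt_len() -> int:
    """Length of a base64url SHA-256 digest, the alternative floated in the mail."""
    return b64url_len(hashlib.sha256().digest_size)
```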
