My intent was for that "JSON object signed as JWS" to be the JSON
object shown above. Would it be clearer to frame the example as
follows?
~~~~~~~~~~
POST /acme/reg/asdf HTTP/1.1
Host: example.com

{
  "resource": "reg",
  "newKey": {
    "header": { "jwk": /* JWK form of the new key */, ... },
    "payload": base64({
      "resource": "reg",
      "oldKey": "D7J9RL1f-RWUl68JP-gW1KSl2TkIrJB7hK6rLFFeYMU"
    }),
    "signature": /* signature by new key */
  }
}
/* Signed as JWS with original key */
~~~~~~~~~~
On Tue, Nov 17, 2015 at 2:37 PM, Ted Hardie <[email protected]> wrote:
> This pull request is found here:
> https://github.com/ietf-wg-acme/acme/pull/39/files?diff=unified.
>
> If I am reading this correctly, the example doesn't quite match the text.
> The text below shows a signature of the JWS with the original key, but does
> not show the oldkey field noted in the text.
>
> Am I missing something here?
>
> regards,
>
> Ted
>
> The client signs this object with the new key pair and encodes the object
> and signature as a JWS. The client then sends this JWS to the server in the
> "newKey" field of a request to update the registration.
>
> ~~~~~~~~~~
> POST /acme/reg/asdf HTTP/1.1
> Host: example.com
>
> {
>   "resource": "reg",
>   "newKey": /* JSON object signed as JWS with new key */
> }
> /* Signed as JWS with original key */
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
>
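Added example (not part of the original thread or of the ACME draft): a Python sketch of the structural checks a server could run on the nested object framed above, once a JOSE library has verified the outer signature against the account key and the inner signature against the embedded `jwk`. It assumes `oldKey` carries the RFC 7638 SHA-256 thumbprint of the current account key; `rollover_problems`, `build_body` and the sample keys are hypothetical names and constructed values.

```python
import base64
import hashlib
import json

# Members hashed per key type by RFC 7638 (JWK Thumbprint).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members, sorted, with no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def rollover_problems(body: dict, account_jwk: dict) -> list:
    """Check the decoded outer payload; signature checks happen elsewhere."""
    try:
        inner = body["newKey"]
        new_print = jwk_thumbprint(inner["header"]["jwk"])
        claims = json.loads(b64url_decode(inner["payload"]))
        inner_resource, old_key = claims["resource"], claims["oldKey"]
    except (KeyError, TypeError, ValueError):
        return ["newKey is not a well-formed JWS over a JSON object"]
    account_print = jwk_thumbprint(account_jwk)
    problems = []
    if body.get("resource") != "reg" or inner_resource != "reg":
        problems.append("resource is not reg in both layers")
    if old_key != account_print:  # assumption: oldKey is the RFC 7638 thumbprint
        problems.append("oldKey does not name the current account key")
    if new_print == account_print:
        problems.append("new key is the same as the old key")
    return problems

# Constructed sample keys (coordinates are placeholders, not real curve points).
OLD = {"kty": "EC", "crv": "P-256", "x": "b2xkLXg", "y": "b2xkLXk"}
NEW = {"kty": "EC", "crv": "P-256", "x": "bmV3LXg", "y": "bmV3LXk"}

def build_body(old_thumbprint: str) -> dict:
    """Build the nested object from the thread with a placeholder signature."""
    claims = {"resource": "reg", "oldKey": old_thumbprint}
    inner = {"header": {"jwk": NEW}, "signature": "placeholder",
             "payload": b64url(json.dumps(claims).encode())}
    return {"resource": "reg", "newKey": inner}
```

The inner `oldKey` check is what ties the new key's signature to one specific account: an inner JWS lifted from a rollover for a different account fails it even though its signature verifies.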