Personally, I find that much clearer.

Regards,

Ted

On Nov 17, 2015 19:05, "Richard Barnes" <[email protected]> wrote:

> My intent was for that "JSON object signed as JWS" to be the JSON
> object shown above. Would it be clearer to frame the example as
> follows?
>
> ~~~~~~~~~~
> POST /acme/reg/asdf HTTP/1.1
> Host: example.com
>
> {
>   "resource": "reg",
>   "newKey": {
>     "header": { "jwk": /* JWK form of the new key */, ... },
>     "payload": base64({
>       "resource": "reg",
>       "oldKey": "D7J9RL1f-RWUl68JP-gW1KSl2TkIrJB7hK6rLFFeYMU"
>     }),
>     "signature": /* signature by new key */
>   }
> }
> /* Signed as JWS with original key */
> ~~~~~~~~~~
>
> On Tue, Nov 17, 2015 at 2:37 PM, Ted Hardie <[email protected]> wrote:
> > This pull request is found here:
> > https://github.com/ietf-wg-acme/acme/pull/39/files?diff=unified.
> >
> > If I am reading this correctly, the example doesn't quite match the text.
> > The text below shows a signature of the JWS with the original key, but does
> > not show the oldkey field noted in the text.
> >
> > Am I missing something here?
> >
> > regards,
> >
> > Ted
> >
> > The client signs this object with the new key pair and encodes the object and
> > signature as a JWS. The client then sends this JWS to the server in the
> > "newKey" field of a request to update the registration.
> >
> > ~~~~~~~~~~
> > POST /acme/reg/asdf HTTP/1.1
> > Host: example.com
> >
> > {
> >   "resource": "reg",
> >   "newKey": /* JSON object signed as JWS with new key */
> > }
> > /* Signed as JWS with original key */
> >
> > _______________________________________________
> > Acme mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/acme
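An added example, not part of the thread or of the ACME draft: a server-side check that the inner object in Richard's revised example names the key currently on the registration, which is what ties the new key's signature to one specific account. It assumes "oldKey" is the RFC 7638 JWK thumbprint of the old key (the thread does not say so) and that both JWS signatures are verified separately by a JOSE library; the function names and sample keys are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Members that enter the thumbprint, per key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def jwk_thumbprint(jwk: dict) -> str:
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def check_rollover_binding(outer_payload: dict, account_jwk: dict) -> dict:
    """Return the new JWK if the inner object names the current account key."""
    if outer_payload.get("resource") != "reg":
        raise ValueError("outer resource is not 'reg'")
    inner = outer_payload.get("newKey")
    if not isinstance(inner, dict) or "payload" not in inner:
        raise ValueError("newKey is not a JWS object")
    new_jwk = inner.get("header", {}).get("jwk")
    if not isinstance(new_jwk, dict):
        raise ValueError("inner JWS header carries no jwk")
    claims = json.loads(b64url_decode(inner["payload"]))
    if not isinstance(claims, dict) or claims.get("resource") != "reg":
        raise ValueError("inner payload is not a 'reg' object")
    # Assumption: oldKey is the RFC 7638 thumbprint of the key being replaced.
    expected = jwk_thumbprint(account_jwk).encode()
    if not hmac.compare_digest(str(claims.get("oldKey")).encode(), expected):
        raise ValueError("oldKey does not match the account key")
    return new_jwk

# Constructed sample keys: the coordinates are placeholders, not real points.
OLD_JWK = {"kty": "EC", "crv": "P-256", "x": "b2xkLXg", "y": "b2xkLXk"}
NEW_JWK = {"kty": "EC", "crv": "P-256", "x": "bmV3LXg", "y": "bmV3LXk"}

def sample_request(old_jwk: dict, new_jwk: dict) -> dict:
    """Build the outer payload from the thread's example (signatures stubbed)."""
    claims = {"resource": "reg", "oldKey": jwk_thumbprint(old_jwk)}
    inner = {"header": {"jwk": new_jwk},
             "payload": b64url(json.dumps(claims).encode()),
             "signature": "constructed-placeholder"}
    return {"resource": "reg", "newKey": inner}
```

The same request checked against any other account key raises ValueError, which is the case the "oldKey" field exists to catch.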
