Here is a pull request: https://github.com/ietf-wg-acme/acme/pull/382
Let me know what you think.

Sincerely,
Logan Widick

On Wed, Jan 3, 2018 at 6:21 PM, Logan Widick <[email protected]> wrote:

> This looks good to me.
>
> As for using JOSE implementations that lack support for the JSON
> serialization formats (and only support the compact one), is there an RFC,
> Internet-Draft, or similar document with an explanation of the conversion
> process already prepared (that can simply be thrown into the ACME draft's
> references section)? Or would it be necessary to include an appendix in the
> ACME draft with an outline of the conversion process? The conversion
> process looks fairly straightforward. However, it would be nice if there
> was a document or part of a document that could be easily referenced.
>
> Logan
>
> On Wed, Jan 3, 2018 at 5:47 PM, Fraser Tweedale <[email protected]> wrote:
>
>> On Thu, Jan 04, 2018 at 12:07:34AM +0100, Jörn Heissler wrote:
>> > Hello and happy new Year!
>> >
>> > I've found an inaccuracy in the ACME specs.
>> >
>> > https://tools.ietf.org/html/rfc7515#section-7 states:
>> >
>> >     Applications using this specification need to specify what serialization
>> >     and serialization features are used for that application.
>> >
>> > Although this is neither a "SHOULD" nor a "MUST", I think ACME should specify
>> > which serialization formats need to be supported by server implementations.
>> >
>> > RFC7515 defines four serialization formats:
>> >
>> > * JWS Compact Serialization
>> > * General JWS JSON Serialization Syntax
>> >     * One signature only
>> >     * Multiple signatures
>> > * Flattened JWS JSON Serialization Syntax
>> >
>> > https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.6.2
>> > states:
>> >
>> >     In the examples below, JWS objects are shown in the JSON or
>> >     flattened JSON serialization
>> >
>> > All examples in the ACME specification use only the flattened serialization.
>> > Depending on the clarification above, this might need to be amended too.
>> >
>> > Best regards
>> > Jörn Heissler
>>
>> I am the author of a JOSE library, and have had to deal with
>> interoperability issues arising from the multiple serialisations and
>> underspecified applications/protocols. Please heed my advice.
>>
>> Where there is a choice of JSON serialisation (i.e. exactly one
>> signature), JOSE does not require or recommend a particular
>> serialisation be used. Nor does the specification require or
>> recommend that there be a mechanism for telling a library what JSON
>> serialisation to use. The outcome of this is that there are:
>>
>> - implementations that unconditionally produce the General JSON
>>   serialisation
>>
>> - implementations that unconditionally produce the Flattened JSON
>>   serialisation (and do not support multiple signatures at all)
>>
>> - implementations that produce the Flattened serialisation when
>>   there is a single signature, and the General JSON serialisation
>>   otherwise
>>
>> Therefore for interoperability and to avoid situations where a
>> conforming JOSE library cannot be used for ACME, I suggest that ACME
>> adopt the following regime:
>>
>> - Conforming ACME implementations MUST process JWS objects using the
>>   Flattened JWS JSON Serialization and SHOULD process JWS objects
>>   using the General JWS JSON Serialization.
>>
>> - Conforming ACME implementations MAY refuse to process JWS objects
>>   with multiple signatures. If an implementation accepts
>>   multiple-signature JWS objects, it MUST validate at least one
>>   signature using the account's public key.
>>
>> Cheers,
>> Fraser
>>
>> _______________________________________________
>> Acme mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/acme
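The conversion between the RFC 7515 serializations discussed in this thread, as an added example that is not part of the original messages, the ACME draft or any JOSE library. The function names and all sample values are hypothetical and constructed; signature verification against the account key is assumed to happen afterwards, on the normalised object.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7515 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def compact_to_flattened(compact: str) -> dict:
    # Compact form: BASE64URL(protected).BASE64URL(payload).BASE64URL(signature)
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    return dict(zip(("protected", "payload", "signature"), parts))

def flattened_to_compact(jws: dict) -> str:
    # Compact form has no slot for the unprotected "header" member.
    if "header" in jws or "signatures" in jws:
        raise ValueError("not expressible as compact JWS")
    return ".".join(jws[k] for k in ("protected", "payload", "signature"))

def to_flattened(jws) -> dict:
    """Normalise compact, Flattened or single-signature General input."""
    if isinstance(jws, str):
        return compact_to_flattened(jws)
    if "signatures" not in jws:
        return dict(jws)  # already Flattened
    if "signature" in jws or "protected" in jws:
        raise ValueError("mixed General and Flattened members")
    sigs = jws["signatures"]
    if len(sigs) != 1:
        # The thread proposes that implementations MAY refuse multiple signatures.
        raise ValueError("multiple-signature JWS refused")
    return {"payload": jws["payload"], **sigs[0]}

# Constructed sample values; the signature bytes are not a real signature.
PROTECTED = b64url(json.dumps({"alg": "ES256", "nonce": "constructed-nonce",
                               "url": "https://example.com/acme/new-order"}).encode())
PAYLOAD = b64url(b'{"constructed": true}')
SIGNATURE = b64url(b"constructed-signature-bytes")
FLAT = {"protected": PROTECTED, "payload": PAYLOAD, "signature": SIGNATURE}
COMPACT = f"{PROTECTED}.{PAYLOAD}.{SIGNATURE}"
GENERAL = {"payload": PAYLOAD,
           "signatures": [{"protected": PROTECTED, "signature": SIGNATURE}]}
```

The conversion is purely structural: the JWS Signing Input is the same ASCII string (protected header, ".", payload) in every serialization, so the signature value is carried over unchanged.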
