+1 Two quick comments:
1. As long as we're using an ordered type, it might be nice to require that the chain be in order, as in TLS. 2. Since PEM is just base64-encoded DER, we should just specify that each element in the array is base64url-encoded DER (assuming that that's the base64 variant we're using). On Sep 20, 2012, at 3:30 PM, Matt Miller (mamille2) wrote: > That works for me. > > > - m&m > > Matt Miller - <[email protected]> > Cisco Systems, Inc. > > On Sep 20, 2012, at 09:54, Vladimir Dzhuvinov / NimbusDS wrote: > >> Hi guys, >> >> If I understand correctly, the JWS and JWE specs say that the "x5c" >> parameter is a JSON string: >> >> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05#section-4.1.6 >> >> The example: >> >> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05#appendix-B >> >> >> Wouldn't be more sensible to use a JSON array to represent the chain of >> X.509 certs? Instead of a string of concatenated B64 data with >> "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" >> delimiters? >> >> >> My case for using a JSON array: >> >> 1. A single parse of the header will do the chain as well - saves an >> extra non-JSON parse operation to split the x5c into chunks. >> >> 2. Saves space. >> >> 3. Makes better use of the existing JSON header structure. >> >> >> I suppose the current format was influenced by how X.509 chains are >> typically exported by programs for file transfer/storage. However, in >> the case of JWS/JWE, the x5c parameter will be created programmatically >> and there a JSON array fits better. >> >> What do you guys think? >> >> Cheers, >> >> Vladimir >> >> -- >> Vladimir Dzhuvinov : www.NimbusDS.com : [email protected] >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
