On second thought: It seems like the signature should actually be over the UTF-8 octets, rather than the base64 octets. To reason by analogy: For every other field in a JWE, you decode the field before using it in a cryptographic computation. So it should be the same with the protected header.
--Richard On Mon, Jun 10, 2013 at 12:28 PM, Richard Barnes <[email protected]> wrote: > This sounds like a fine idea to me. It saves space and makes the JSON > format more human-readable. It actually makes kind of a nice analogy to > ASN.1, namely use of OCTET STRING to encapsulate more DER content. > > The compact serialization can continue to base64url-encode that field, so > it would not be a breaking change for that serialization. > > --Richard > > > On Mon, Jun 10, 2013 at 1:46 AM, Jim Schaad <[email protected]>wrote: > >> <no hat>**** >> >> ** ** >> >> I am trying to figure out if I am missing something. This is not yet a >> formal proposal to actual change the document.**** >> >> ** ** >> >> I was thinking about proposing that we make a change to the content of >> the protected field in the JWS JSON serialization format. If we encoded >> this as a UTF8 string rather than the base64url encoded UTF8 string, then >> the content would be smaller. The computation of the signature would be >> unchanged in that it would still be computed over the base64url encoded >> string. I believe that the conversion from the UTF8 string to the >> base64url encoded UTF8 string is a deterministic encoding and thus would >> not generate any problems from that point.**** >> >> ** ** >> >> At this point I and trying to figure out if I missed anything that would >> preclude this from working. I am not worried about how hard or easy it >> would be to do, just if it is even possible.**** >> >> ** ** >> >> Jim**** >> >> ** ** >> >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose >> >> >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
