#116: Section 5.2. Message Signature or MAC Validation

A. The MUST in the first sentence might not really be necessary - this is a description of what happens so there is an implicit must here.
B. The second sentence in the first paragraph does not take into account the fact that multiple signers can be present.
C. Step 1 - This should be deleted as this is all serialization text - it goes into section 7.1 for the compact serialization.
D. Step 2 - I don't understand what the purpose of the restriction is. If we have defined base64url to be unpadded - then it does not need to be stated as a restriction here.
E. Step 3 - This should be combined into the previous step as how the JWS protected header is obtained.
F. Step 4 - There is no such thing as a valid JSON object - it can be a syntactically valid string but it does not make sense to talk about it as an object.
G. Step 5 - This step should be done in terms of the data model - and thus can probably be deleted. The JSON header is, by definition, the union of the protected and unprotected headers.
H. Step 6 - If a duplicate header name exists, then what is the appropriate action to be performed by a verifier?
I. Step 6 - I don't remember seeing a requirement on a sender that a member name can only appear once in a JWS Header.
J. Step 6 - The second sentence in the current text can be deleted - The definition someplace should be stated that senders MUST ensure that it only occurs once in a JWS Header.
K. Step 7 - This entire step should be deleted. If you read and evaluate what it says - this is a NOP statement.
L. Step 10 - delete the text regarding alg - it belongs in the definition of alg.
M. Step 10 - Use a set of standard terms in JWA terms and simplify this.
N. Step 11 - This needs to be moved up - at or near the top of this section - it guides what happens if you have multiple signatures to validate.
--
Reporter:   [email protected]
Owner:      draft-ietf-jose-json-web-[email protected]
Type:       defect
Status:     new
Priority:   major
Milestone:
Component:  json-web-signature
Version:
Severity:   -
Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/116>
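Added example, not part of the ticket or of the draft: a Python sketch of the header handling that items D, G and H-J discuss, with the protected header decoded from unpadded base64url, the JWS header formed as the union of the protected and unprotected members, and duplicate names detected. The ticket leaves the verifier's action on a duplicate open; treating it as a validation failure is an assumption made here, and the function names are hypothetical.

```python
import base64
import json
import re

_B64URL = re.compile(r"[A-Za-z0-9_-]+")


class HeaderError(ValueError):
    """A JWS header failed one of the checks below."""


def b64url_encode(raw):
    # Helper for building constructed sample input.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    # Item D: unpadded base64url only, so '=' and any other character
    # outside the alphabet is an error rather than being skipped.
    if not _B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise HeaderError("not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _reject_duplicates(pairs):
    # json.loads alone keeps the last of two equal names without complaint.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise HeaderError("duplicate header name: " + name)
        obj[name] = value
    return obj


def jws_header(protected_b64, unprotected=None):
    """Return protected + unprotected members as one dict, or raise."""
    try:
        text = b64url_decode(protected_b64).decode("utf-8")
        protected = json.loads(text, object_pairs_hook=_reject_duplicates)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise HeaderError("protected header is not UTF-8 JSON") from exc
    if not isinstance(protected, dict):
        raise HeaderError("protected header is not a JSON object")
    unprotected = dict(unprotected or {})
    shared = sorted(protected.keys() & unprotected.keys())
    if shared:  # Items H-J: a name in both halves is also a duplicate
        raise HeaderError("name in both headers: " + ", ".join(shared))
    return {**protected, **unprotected}
```

Without the `object_pairs_hook`, `json.loads` returns the last of two equal member names, so two parsers can disagree about which value was signed.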
