Note, however, that enabling that find/replace does require that we design the JSON form correctly -- namely by having direct signing.
On Thursday, August 29, 2013, Daniel Holth wrote:

> On Thu, Aug 29, 2013 at 1:33 PM, Richard Barnes <[email protected]> wrote:
> > Out of curiosity, I encoded an example JWS object using a notional
> > serialization based on CBOR [1][2]. If you use a lightly optimized format
> > (cbor([unprotected, protected, payload, signature])), then you actually end
> > up being around 33% smaller than the compact representation, around 10%
> > smaller after base64url-encoding the CBOR. And if you don't support
> > protected headers (and there's direct signing), you don't need a base64
> > encoder/decoder because CBOR supports octet strings natively. Full results
> > below.
> >
> > Just sayin'.
> >
> > --Richard
> >
> > [1] <http://tools.ietf.org/html/draft-bormann-cbor-06#section-2.2>
> > [2] <http://cbor.me/>
> >
> >
> > Format               Size
> > =========================
> > bare/no metadata       52
> > JSON                  140
> > Compact               108
> > CBOR+JSON             104
> > CBOR+JSON+base64      138
> > CBOR+arr               72
> > CBOR+arr+base64        99
> >
> >
> > {
> >     "unprotected": {
> >         "alg": "HS256",
> >         "kid": "1"
> >     },
> >     /* For CBOR */
> >     "payload": "Dulce et decorum est",
> >     "signature":
> > h'7626a08d4077a247d5503cadace62686ca015d4efd9ea9ecce00aa94a690eff5'
> >     /* For JSON */
> >     "payload": "RHVsY2UgZXQgZGVjb3J1bSBlc3QK",
> >     "signature": "h6GulZdo+sCsd2dQ5MaBXKf0AHZ6sAtur1nmCDELPo8"
> > }
> >
> > [
> >     {
> >         "alg": "HS256",
> >         "kid": "1"
> >     },
> >     null,
> >     "Dulce et decorum est",
> >     h'7626a08d4077a247d5503cadace62686ca015d4efd9ea9ecce00aa94a690eff5'
> > ]
> >
> > JSON
> > {"unprotected":{"alg":"HS256","kid":"1"},"payload":"RHVsY2UgZXQgZGVjb3J1bSBlc3QK","signature":"h6GulZdo+sCsd2dQ5MaBXKf0AHZ6sAtur1nmCDELPo8"}
> >
> > Compact
> > eyJhbGciOiJIUzI1NiIsImtpZCI6IjEifQo.RHVsY2UgZXQgZGVjb3J1bSBlc3QK.h6GulZdo+sCsd2dQ5MaBXKf0AHZ6sAtur1nmCDELPo8
> >
> > CBOR+JSON
> > a36b756e70726f746563746564a263616c67654853323536636b69646131677061796c6f61647444756c6365206574206465636f72756d20657374697369676e617475726558207626a08d4077a247d5503cadace62686ca015d4efd9ea9ecce00aa94a690eff5
> >
> > CBOR+JSON+base64
> > o2t1bnByb3RlY3RlZKJjYWxnZUhTMjU2Y2tpZGExZ3BheWxvYWR0RHVsY2UgZXQgZGVjb3J1bSBlc3Rpc2lnbmF0dXJlWCB2JqCNQHeiR9VQPK2s5iaGygFdTv2eqezOAKqUppDv9Q
> >
> > CBOR+arr [unprotected, protected, payload, signature]
> > 84a263616c67654853323536636b69646131f67444756c6365206574206465636f72756d2065737458207626a08d4077a247d5503cadace62686ca015d4efd9ea9ecce00aa94a690eff5
> >
> > CBOR+arr+base64
> > hKJjYWxnZUhTMjU2Y2tpZGEx9nREdWxjZSBldCBkZWNvcnVtIGVzdFggdiagjUB3okfVUDytrOYmhsoBXU79nqnszgCqlKaQ7/U
> >
> >
> > _______________________________________________
> > jose mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/jose
> >
>
> I think this is the right way to go for anyone who is uncomfortable with
> the size of base64. Find a JSON replacement that supports binary,
> find/replace in the JWS specification, and Bob's your uncle.
>
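The array form quoted above, rebuilt as an added example (not code from any message in this thread): a small encoder for the CBOR types that example uses, which carries the signature as a raw octet string with no base64 step. `jws_cbor_array`, `direct_tag` and `verify` are hypothetical names, `KEY` is constructed, and "direct signing" is assumed here to mean an HMAC computed over the payload octets themselves.

```python
import hashlib
import hmac

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus length argument (lengths below 65536 only)."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    if n < 65536:
        return bytes([major << 5 | 25]) + n.to_bytes(2, "big")
    raise ValueError("length too large for this example")

def cbor(obj) -> bytes:
    """Encode only the CBOR types the quoted example uses."""
    if obj is None:
        return b"\xf6"                      # null: the empty protected slot
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj     # octet string, carried raw
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor(k) + cbor(v) for k, v in obj.items())
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def jws_cbor_array(header: dict, payload: str, signature: bytes) -> bytes:
    """[unprotected, protected, payload, signature] with no protected header."""
    return cbor([header, None, payload, signature])

def direct_tag(payload: str, key: bytes) -> bytes:
    """Assumed reading of direct signing: HMAC-SHA256 over the payload octets."""
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()

def verify(payload: str, tag: bytes, key: bytes) -> bool:
    """Constant-time comparison of the recomputed tag."""
    return hmac.compare_digest(direct_tag(payload, key), tag)

HEADER = {"alg": "HS256", "kid": "1"}       # header from the quoted example
PAYLOAD = "Dulce et decorum est"            # payload from the quoted example
KEY = b"constructed-demo-key"               # constructed; the thread gives no key

if __name__ == "__main__":
    tag = direct_tag(PAYLOAD, KEY)
    blob = jws_cbor_array(HEADER, PAYLOAD, tag)
    print(blob.hex(), verify(PAYLOAD, tag, KEY))
```

Fed the signature bytes from the quoted message, `jws_cbor_array` reproduces the CBOR+arr hex string shown there byte for byte.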
