On 2013-12-11 22:44, Manu Sporny wrote:
> Hi all,
>
> These are review comments on the JOSE stack of specifications before
> they enter Last Call. The purpose of these comments is to try and figure
> out if we can align multiple security, identity, and digital signature
> initiatives.

I have one comment to this. SM (Secure Messaging) differs from its JOSE counterpart in several ways. One difference I believe is particularly significant is SM's ability to sign data "as is" rather than requiring conversion of the payload to base64.

That is, regardless of the success of the JOSE stack, there will undoubtedly be important applications relying on information-rich data (like Web payments) which will deploy clear text signatures.

Completely independent (and unaware) of Manu's work I recently designed a "brutally" scaled-down JSON-version of W3C's XML DSig which is another take on this subject:

http://webpki.org/papers/keygen2/doc/jcs.html
https://mobilepki.org/jcs

To get some feeling for its usage you may take a peek at:

https://openkeystore.googlecode.com/svn/resources/trunk/docs/sks-api-arch.pdf#page=23

I can't imagine that anybody developing such a cool system [:-)] would consider base64-encoded messages unless it was found to be a necessity.

The actual implementation (which is extremely compact), shows that clear text signatures can be close to trivial if you design the parser with that in mind from the beginning:

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

Cheers,
Anders
