#36: Algorithm "none" should be removed Description changed by [email protected]:
Old description: > Rather than having an algorithm none, this should be a degenerate case of > JWS that is defined by and detected in the JWS specification. I would > suggest that we define it as being - if the "alg" and "enc" items are > absent, then there is no signature on the message. This would still > allow the "zip" item to be present on the message to give you both a data > carrying JOSE object and allow for compression. Additionally one could > define a new typ value of "DATA" to indicate that we are just carrying a > payload and it is not acutally a JWS object. New description: Rather than having an algorithm none, this should be a degenerate case of JWS that is defined by and detected in the JWS specification. I would suggest that we define it as being - if the "alg" and "enc" items are absent, then there is no signature on the message. This would still allow the "zip" item to be present on the message to give you both a data carrying JOSE object and allow for compression. Additionally one could define a new typ value of "DATA" to indicate that we are just carrying a payload and it is not acutally a JWS object. Note: There was extensive discussion on the mailing list, and the rough consensus of the working group was to leave "none" in the document. -- -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- [email protected] | [email protected] Type: defect | Status: closed Priority: major | Milestone: Component: json-web- | Version: signature | Resolution: fixed Severity: - | Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/36#comment:6> jose <http://tools.ietf.org/jose/> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
