Hi List, In theory JOSE is done since we have key containers, as well as signature and encryption constructs.
In reality it is not because the topic I raised a long time ago namely the ability to sign clear-text JSON data in a similar fashion like in XML DSig simply isn't going away: No, it is not only yours truly who is into JSON clear-text signing although it seems that everybody is dealing with this issue in quite different ways. This may actually only be good since then there are some real-world (tested) schemes to select from. AFAICT they all have (even including my own take on the subject...), clearly identifiable pros and cons. The rationale is simple: Documentation, Validation, Development and Debugging of complex JSON messages becomes easier if the content is provided in clear. There could be justification for IETF taking on such a work-item. Anders _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
