Then we also need to delete this sentence in
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-39#appendix-B,
since it’s incorrect:
Note that since these strings contain
base64 encoded (not base64url encoded) values, they are allowed to
contain white space and line breaks.
Thanks for the last-minute catch!
-- Mike
From: John Bradley [mailto:[email protected]]
Sent: Tuesday, January 13, 2015 11:50 AM
To: Mike Jones
Cc: Anders Rundgren; [email protected]
Subject: Re: [jose] "x5c" - JSON Compatible?
Mike,
According to [RFC4648] Section 4<https://tools.ietf.org/html/rfc4648#section-4>
whitespace are not valid base64 encoding characters.
Older PEM specifications required breaking up into lines of 64 characters.
Most base64 decoders ignore whitespace to be backwards compatible, but that
doesn't make whitespace valid to produce.
Some software like openSSL will need the strings "-----BEGIN CERTIFICATE-----"
and "-----END CERTIFICATE-----" appended and line breaks added for import.
I don't see the text about including line breaks in the current draft 39 Sec
4.7. of JWK.
I think the only thing required is the note about line breaks within values
being for display only is all that is needed.
So no whitespace in the value and applications add it if required for importing
as a PEM encoded cert.
John B.
On Jan 13, 2015, at 3:33 PM, Mike Jones
<[email protected]<mailto:[email protected]>>
wrote:[RFC4648] Section 4<https://tools.ietf.org/html/rfc4648#section-4>
We should add the standard disclaimer “(with line breaks within values for
display purposes only)” to the description of the example.
-- Mike
From: jose [mailto:[email protected]] On Behalf Of Mark Watson
Sent: Tuesday, January 13, 2015 8:53 AM
To: Anders Rundgren
Cc: Richard Barnes; [email protected]<mailto:[email protected]>
Subject: Re: [jose] "x5c" - JSON Compatible?
On Tue, Jan 13, 2015 at 4:13 AM, Anders Rundgren
<[email protected]<mailto:[email protected]>> wrote:
On 2015-01-13 12:35, Richard Barnes wrote:
On Tuesday, January 13, 2015, Anders Rundgren
<[email protected]<mailto:[email protected]>
<mailto:[email protected]<mailto:[email protected]>>>
wrote:
The spec claims the following:
"Note that since these strings contain base64 encoded
(not base64url encoded) values, they are allowed to contain
white space and line breaks."
Is this really JSON compliant?
I didn't interpret the JSON spec in that way and Python and Chrome seems to
agree with me.
What's I'm missing here?
Are you seriously suggesting that JSON strings can't contain white space?
Control characters have to be escaped, but they can definitely be there.
JSON.parse('["this is...\\u000A...a string"]')
Sure, but the example in appendix B wouldn't parse.
Shouldn't a proper text say that possible line-breaks MUST be properly escaped.
Line breaks in JSON do have to be escaped, either as above or with \r \n. This
is clear at www.json.org<http://www.json.org/>.
…Mark
Anders
--Richard
Cheers
Anders
_________________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/__listinfo/jose
<https://www.ietf.org/mailman/listinfo/jose>
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
