On 2015-02-04 21:30, Mike Jones wrote:
> Thanks, Joe. I think this could be pretty straightforward. As I
> understand it, it would replace uses of JSON and base64url encoding
> with CBOR, but otherwise reuse as much of JOSE with as few changes as
> possible, such as reusing the algorithms, header parameters, etc.
That is one view (also the one that underlies
draft-bormann-jose-cose-00.txt).
Another view is that we could use the obvious incompatibility to "fix" a
few shortcomings of JOSE that have been caused by its need to stay
compatible with JWT and the likes.
I think the benefit of this needs to be carefully weighed against the
potential for confusion and the added committee time (which also
translates into real time) until these fixes converge.
(I'm personally not yet decided.)
> A
> few CBOR-specific features would be needed, such as defining the
> particular CBOR concatenation used to represent the JWS Signing Input
> (instead of "ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' ||
> BASE64URL(JWS Payload))", which is JSON-specific).
Yes. draft-bormann-jose-cose-00.txt says:
* where the output of the base64url function was to be joined by
ASCII dots (".") with other such outputs, CBOR encoding of an
array built from the inputs, each represented as a byte string,
is used.
which seems like the natural way to do this.
Gruesse, Carsten
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
