James,
I have been thinking about what you are saying in your mail. 1. I agree with your question about doing an update to RFC 7515. It would be perfectly reasonable to mark this draft as doing an update because it is defining a new header that can be placed in a JWS message. It is probably not required but needs to be considered. It does not invalidate the 7515 version of JWS as being URL-safe. It would be recognized if you are doing this document that the safety would be different. 2. I think that there should be a recommendation that a "crit" parameter stated as required (or at least strongly recommended) that lists the "b64" header parameter in it. At a minimum there should be a discussion about the use of the "crit" parameter in this context. Jim From: jose [mailto:[email protected]] On Behalf Of Manger, James Sent: Tuesday, October 13, 2015 7:55 PM To: Mike Jones <[email protected]>; [email protected] Subject: Re: [jose] JWS Unencoded Payload Option spec addressing WGLC comments Shouldn't draft-ietf-jose-jws-signing-input-options update RFC 7515 "JWS"? That seems quite important as draft-ietf-jose-jws-signing-input-options changes the meaning of valid JWS messages (new "b64" field that cannot be ignored, but is not listed in "crit"), and allows a bunch of previously invalid chars in JWS Compact Serializations (invalidating the JWS definition of Compact Serialization as a "URL-safe string"). -- James Manger From: jose [mailto:[email protected]] On Behalf Of Mike Jones Sent: Wednesday, 14 October 2015 10:49 AM To: [email protected] <mailto:[email protected]> Subject: [jose] JWS Unencoded Payload Option spec addressing WGLC comments Draft -03 of the JWS Unencoded Payload Option specification addresses the working group last call comments received. Thanks to Jim Schaad, Vladimir Dzhuvinov, John Bradley, and Nat Sakimura for the useful comments. Changes were: * Allowed the ASCII space character and all printable ASCII characters other than period ('.') in non-detached unencoded payloads using the JWS Compact Serialization. * Updated the abstract to say that that the spec updates RFC 7519. * Removed unused references. * Changed the change controller to IESG. The specification is available at: * https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-03 An HTML formatted version is also available at: * http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-03.ht ml -- Mike P.S. This note was also published at http://self-issued.info/?p=1465 and as @selfissued <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.co m%2fselfissued&data=01%7c01%7cmichael.jones%40microsoft.com%7c3a69db7b8b6c4d 47da0f08d2937a3d82%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ggurSMkRVW%2 bR8Nv93Mnbsf16CmVGqfjB9lW8SV5gAKM%3d> .
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
