Congrats! 2016年2月26日(金) 9:00 Mike Jones <[email protected]>:
> The JWS Unencoded Payload Option specification is now RFC 7797 > <http://www.rfc-editor.org/info/rfc7797> – an IETF standard. The > abstract describes the specification as: > > > > JSON Web Signature (JWS) represents the payload of a JWS as a > base64url-encoded value and uses this value in the JWS Signature > computation. While this enables arbitrary payloads to be integrity > protected, some have described use cases in which the base64url encoding is > unnecessary and/or an impediment to adoption, especially when the payload > is large and/or detached. This specification defines a means of > accommodating these use cases by defining an option to change the JWS > Signing Input computation to not base64url-encode the payload. This option > is intended to broaden the set of use cases for which the use of JWS is a > good fit. > > > > This specification updates RFC 7519 by stating that JSON Web Tokens (JWTs) > MUST NOT use the unencoded payload option defined by this specification. > > > > This option is used by including the header parameters "b64":false and > "crit":["b64"]. JWTs never use this option. > > > > -- Mike > > > > P.S. This note was also published at http://self-issued.info/?p=1550 and > as @selfissued <https://twitter.com/selfissued>. > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
