Hi All,
I've experimented in our project with having HTTP attachment parts
protected using JWS with Detached Content and Unencoded Payload options [1].
This approach appears to be quite effective to me. It also appears to me
that the data as shown in the example at [1], can, in principle, be
produced and processed by any HTTP stack that can work with multiparts,
assuming a JOSE library supporting the detached and unencoded content is
also available.
I'd appreciate if the experts could comment on 1) do you see some
weaknesses in the proposed approach and 2) can someone see a point in
drafting some text around it (I can contribute if it is of interest) ?
Thanks, Sergey
[1]
http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-SigningandVerificationofHTTPAttachments
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
