On Sun, 18 Nov 2018, 20:37 David Waite <[email protected] wrote:
> Not to be a jerk (I promise!), but is there documentation of the TEEP > issues with using JWS/JWE structure? > > The existing specs seem to use JOSE as-is, I didn’t immediately see > anything on the ML or in GitHub issues. > Correct. Since the requirement was using standardized security solutions but also maintaining a reasonable message structure, they didn't have any option but adding a redundant layer like the TAInformation / TAInformationTBS pair. I was in a similar position having a bunch of systems to be converted from XML to JSON. Unlike TEEP, I had the freedom to select any working solution which is the background to this work. > It is difficult to fairly argue a specific desired solution to a > non-disclosed problem set. Especially when so many people have battle scars > from implementing that solution in the past. Implementing, documenting and verifying this concept took quite some time but apart from a math bug in .NET there were no surprises whatsoever. The problem set is described, here is a short version: - Keeping signed JSON in JSON format - Enabling a consistent message structure regardless if messages are signed or not - Supporting signed JavaScript objects Anders https://mobilepki.org/jws-jcs > > -DW > > > On Nov 18, 2018, at 11:06 AM, Anders Rundgren < > [email protected]> wrote: > > > > There's no mystery going on here. The TEEP folks needed Signed Data > rather than Signature objects with embedded Data. > >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
