Counter signatures were actually the major "inspiration" for Canonical JSON since JWS based dittos are hard to debug and document due to the deep nesting of Base64Url encoded objects but it is still fully doable.
However, in a system which I will present at Trustech 2018, I came up with a counter signature scheme where JOSE simply put ran out of gas. https://cyberphone.github.io/doc/payments/payment-decentralization-scheme-1a.pdf In this system (very briefly): 1. a Merchant creates a Payment Request and sends it to the Payer for authorization 2. the Payer authorizes the Payment Request with his/her signature key. The signed authorization data includes a hash of the Payment Request 3. the Payer (for privacy reasons) encrypts the authorization data and returns it to the Merchant together with an unencrypted URL pointing to the Payer's bank 4. the Merchant sends the original Payment Request + the encrypted Payer authorization data to the Payer's banks for fulfillment 5. the Payer's bank decrypts and validates the authorization data, including verifying that the hash of the Merchant-supplied Payment Request matches the hash in the authorization data It seems to me that a JOSE based design would have to be architected in a fundamentally different way. Anders _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
