On 2018-11-23 18:37, Jim Schaad wrote:
I am having a potential terminology problem. When I read the term Counter
Signature, I am used to this meaning that I am signing a signature,
potentially with some additional information. I am not sure that this is
what you have going on below. Are these signatures "nested" or "parallel"
or "on the previous signature"?
Well, it is "sort of" counter signature. The Payment Request is indeed signed.
Anyway, the core is simply that taking a hash of a JSON object have multiple
applications.
Anders
Jim
-----Original Message-----
From: jose <[email protected]> On Behalf Of Anders Rundgren
Sent: Thursday, November 22, 2018 11:50 PM
To: [email protected]
Subject: [jose] JWS Counter Signatures
Counter signatures were actually the major "inspiration" for Canonical
JSON
since JWS based dittos are hard to debug and document due to the deep
nesting of Base64Url encoded objects but it is still fully doable.
However, in a system which I will present at Trustech 2018, I came up with
a
counter signature scheme where JOSE simply put ran out of gas.
https://cyberphone.github.io/doc/payments/payment-decentralization-scheme-
1a.pdf
In this system (very briefly):
1. a Merchant creates a Payment Request and sends it to the Payer for
authorization 2. the Payer authorizes the Payment Request with his/her
signature key. The signed authorization data includes a hash of the
Payment
Request 3. the Payer (for privacy reasons) encrypts the authorization data
and
returns it to the Merchant together with an unencrypted URL pointing to
the
Payer's bank 4. the Merchant sends the original Payment Request + the
encrypted Payer authorization data to the Payer's banks for fulfillment 5.
the
Payer's bank decrypts and validates the authorization data, including
verifying
that the hash of the Merchant-supplied Payment Request matches the hash in
the authorization data
It seems to me that a JOSE based design would have to be architected in a
fundamentally different way.
Anders
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
