I would hope that we could do this work in the IETF.  But, if the IETF 
community is not willing to entertain other use-cases and market needs, I am 
willing to help make this happen in another SDO.  

The thing everyone needs to remember: just because you do not like something 
does not mean the use case is not valid and that it is not needed in the market.  

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not 
be unscrambled is an egg."

> On Nov 24, 2018, at 12:16 AM, Anders Rundgren <[email protected]> wrote:
> 
> Since Open Banking's use of clear text signatures (enabled through HTTP
> bindings and the downsides of that [1]), TEEP/OTrP's need for clear
> text object type IDs (and the implications of that with respect to
> signature validation [2]), as well as my own use of a hash only in a
> novel counter signature scheme [3], haven't spurred a single comment
> relating to the actual applications and how they {c|sh}ould make best
> use of the existing or enhanced JOSE stack, there seems to be little
> point continuing these discussions within the IETF.
> 
> I'm still waiting for messages pointing out why JCS isn't working
> (beyond anecdotes from the XML/WS* era).  Since detached JWS signatures
> are already a de-facto standard in Open Banking, claims that data to be
> signed SHOULD be encoded in alien formats and then be embedded in specific
> signature containers can safely be ignored unless somebody has a very
> compelling security story to share with us.
> 
> Anyway, VMware have a US patent on JSON clear text signatures [6] so maybe
> it is toast from that perspective as well?  Although I'm not a patent
> lawyer this smells of prior art by a mile!  To me it only adds credibility
> to the idea since the concepts are virtually identical:-)
> 
> From the CBOR list I have gathered that the CBOR counterpart to JCS [4,5]
> apparently is in a pretty bad shape.  Carsten, you have a new job :-)
> 
> thanx,
> Anders
> 
> 1] http://lists.openid.net/pipermail/openid-specs-fapi/2018-November/001164.html
> 2] https://www.ietf.org/mail-archive/web/jose/current/msg05810.html
> 3] https://www.ietf.org/mail-archive/web/jose/current/msg05811.html
> 4] https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01
> 5] https://mobilepki.org/jws-jcs
> 6] https://patentimages.storage.googleapis.com/68/be/70/582930ff11703d/US20150341176A1.pdf
