Since the value of clear text messaging has been unilaterally declared to be 
zero, maybe other and more sophisticated uses of JCS could be of some interest?

In Saturn[1] JCS is used in many different ways including for signing and 
authenticated encryption.
However, the ability to only take a hash of JSON objects has also been put to good work.
Yes, "hashable" JSON is what JCS really is. Full canonicalization of JSON is 
something else and from a *practical point of view* essentially impossible.

Consider the following (slightly simplified) payment authorization scheme:
1. Merchant creates a signed PaymentRequest in the form of a JSON object and 
sends it to the User for authorization.
2. The User (SW) creates a JSON object with a set of properties including a 
timestamp, account ID and a hash of the received PaymentRequest.
3. The User (SW) signs the new JSON object using an account- and user-specific 
authorization private key.
4. The User (SW) encrypts the signed JSON object (User authorization) using a 
bank-specific encryption public key.
5. The User (SW) returns the encrypted authorization object + URL to the User's 
Bank to the Merchant.
6. The Merchant puts the PaymentRequest, the encrypted User authorization 
object and a Merchant receive account in a new JSON object.
7. The Merchant counter-signs the new JSON object and sends it to the User's Bank for 
"redemption".
8. The User's Bank verifies the inner and outer Merchant signatures and 
decrypts the User authorization object.
9. The User's Bank verifies that the User authorization object is signed by a 
key matching the claimed account ID.
10. If the hash of the Merchant-supplied PaymentRequest matches that of the 
hash in the User authorization object the request is considered valid.
Next follows the actual payment transaction...

Using JWS with in-line Base64Url-encoding, the PaymentRequest would need to be 
*duplicated* in step #2.
This may not seem like a big deal but why duplicate data if it is not necessary?

JCS is BTW used some 8 times above.

Hashed JSON is also used in other places in Saturn for privacy-enhancing 
purposes (selective disclosure).

*Quirky and potentially error-prone signature solutions like TEEP's OTrP* shows 
another limitation of plain-vanilla JWS:
https://mailarchive.ietf.org/arch/msg/dispatch/ULq1QoecXC0xXu6M5o6m3xPtUPQ

Thanx,
Anders

[1] https://cyberphone.github.io/doc/saturn
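As an added worked example (not code from Saturn or from the mail above), here are steps 2 and 10 of the scheme in Python: the User commits to the PaymentRequest by hash, and the Bank re-hashes the Merchant-supplied copy. JCS is approximated with json.dumps (sorted keys, no whitespace); the field names and sample values are assumptions.

```python
"""Hash-linked payment authorization (steps 2 and 10 of the scheme above).

Added illustration, not Saturn's code. The canonicalizer approximates JCS
(RFC 8785) with json.dumps: sorted keys, no whitespace, raw UTF-8. It agrees
with JCS for objects whose numbers are integers and whose keys are BMP
strings; a real deployment should use a full JCS implementation.
"""
import hashlib
import json


def canonicalize(obj) -> bytes:
    """Deterministic serialization (JCS approximation, see docstring above)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def json_hash(obj) -> str:
    """Hex SHA-256 of the canonical form: the 'hashable JSON' of a message."""
    return hashlib.sha256(canonicalize(obj)).hexdigest()


def build_user_authorization(payment_request: dict, account_id: str,
                             timestamp: str) -> dict:
    """Step 2: the User commits to the PaymentRequest by hash, not by copy."""
    return {"accountId": account_id, "timeStamp": timestamp,
            "requestHash": {"algorithm": "SHA-256",
                            "value": json_hash(payment_request)}}


def request_matches_authorization(payment_request: dict,
                                  authorization: dict) -> bool:
    """Step 10: the Bank re-hashes the Merchant-supplied PaymentRequest."""
    return json_hash(payment_request) == authorization["requestHash"]["value"]


# Constructed sample data; field names are placeholders, not Saturn's schema.
PAYMENT_REQUEST = {"amount": 1250, "currency": "EUR", "payee": "Example Shop",
                   "referenceId": "ORDER-42"}
AUTHORIZATION = build_user_authorization(PAYMENT_REQUEST, "ACCOUNT-PLACEHOLDER",
                                         "2024-01-01T12:00:00Z")

if __name__ == "__main__":
    # Re-ordered keys and added whitespace still hash identically...
    reordered = json.loads('{ "referenceId": "ORDER-42", "payee": "Example Shop",'
                           ' "currency": "EUR", "amount": 1250 }')
    print(request_matches_authorization(reordered, AUTHORIZATION))  # True
    # ...while a tampered amount fails the Bank's check in step 10.
    tampered = {**PAYMENT_REQUEST, "amount": 9999}
    print(request_matches_authorization(tampered, AUTHORIZATION))  # False
```

Because the authorization carries only the hash, the Bank needs the Merchant's copy of the PaymentRequest from step 6 to perform the check, which is exactly why duplicating it in step 2 is unnecessary.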


_______________________________________________
jose mailing list
https://www.ietf.org/mailman/listinfo/jose
