After virtually eons of time https://www.rfc-editor.org/rfc/rfc8785 has finally been published. It wouldn't have happened without the input from the IETF community!
Since canonicalization in itself is fairly useless, there are several additional work-items building on JCS (RFC 8785) in the pipe-line: On-line demo/test using JWS: https://mobilepki.org/jws-jcs On-line demo/test using an "unwrapped" JWS called JSON Signature Format (JSF): https://mobilepki.org/jsf-lab A real-world implementation by OWASP using JSF: https://cyclonedx.org/use-cases/#authenticity There is also an "unwrapped" JWE called JSON Encryption Format (JEF), currently published as an HTML document: https://cyberphone.github.io/doc/security/jef.html If anybody out there would be interested in "RFC-ing" JWS-JCS, JSF, or JEF, please drop me a line. The current plan is publishing the additional RFCs using the Independent Stream, rather than as IETF standards. Anders _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
