I must admit, I was surprised to see this RFC, because very little discussion
of it happened on the JOSE mailing list. The last mention I can see of it was
in February 2019 - the same time you were proposing to take this to
SecDispatch. I never heard of it again after that.
So that any future related efforts have an opportunity for widespread review,
particularly if they are JOSE related, I'd request that you and others working
on them also post drafts to the JOSE mailing list, even if you're working in
the Independent Stream.
There are things I would have commented on in JCS if I'd seen intermediate
drafts before it became an RFC. (For instance, I would have asked for explicit
serialization instructions for the one ASCII control character not in the range
0x00-0x1F - 0x7F (DEL).)
Thanks,
-- Mike
-----Original Message-----
From: jose <[email protected]> On Behalf Of Anders Rundgren
Sent: Friday, July 10, 2020 11:41 AM
To: [email protected]
Subject: [jose] Beyond RFC 8785 (JSON Canonicalization Scheme)
After virtually eons of time https://www.rfc-editor.org/rfc/rfc8785 has finally
been published.
It wouldn't have happened without the input from the IETF community!
Since canonicalization in itself is fairly useless, there are several
additional work-items building on JCS (RFC 8785) in the pipe-line:
On-line demo/test using JWS: https://mobilepki.org/jws-jcs On-line demo/test
using an "unwrapped" JWS called JSON Signature Format (JSF):
https://mobilepki.org/jsf-lab
A real-world implementation by OWASP using JSF:
https://cyclonedx.org/use-cases/#authenticity
There is also an "unwrapped" JWE called JSON Encryption Format (JEF), currently
published as an HTML document:
https://cyberphone.github.io/doc/security/jef.html
If anybody out there would be interested in "RFC-ing" JWS-JCS, JSF, or JEF,
please drop me a line.
The current plan is publishing the additional RFCs using the Independent
Stream, rather than as IETF standards.
Anders
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose