Hello everyone! This set of JWP drafts makes a number of changes which are detailed in the individual document history. I wanted to provide an additional summary of the big changes here as well to aid in review.
We changed the single use and MAC algorithms so that the entire presentation is covered by a holder signature. This required an internal representation (in the footsteps of JWS Signing Input and the COSE Sig_structure), but this representation needed it to not put undue burden on implementations which might only want to support JSON or support CBOR. We went with a construction based on binary concatenation and 64-bit length prefixes which coincidentally construct well-formed CBOR.. The MAC algorithm uses its own internal format (the Combined MAC Representation) to integrity protect the issued form, and we changed this to have a similar style as well. Part of the motivation for these was to allow the holder key to use a different algorithm than the issued form credential. This is useful for example if the issuer and holder each have HSM/secure element hardware with differing supported algorithms. It is certainly possible though that applications will profile this capability away for simplicity. The algorithm expected is baked in at issuance time via a new holder presentation algorithm (“hpa") parameter, to go alongside the holder’s public key. As part of these algorithm changes, an effort was made to add a bit more step-by-step guidance, especially around verification of received JWP. The CDDL had some corrections and clean-ups, so it should be more useful for implementers. There’s also a new “+cwp” structured suffix to go along with a simplified “+jwp” suffix. Finally, we used the change in the above algorithms to push forth a change in parameter names: - The “proof_key” header parameter is now called the issuer ephemeral key and has a shorter “iek" JSON label. - The “presentation_key” header parameter is now called the holder presentation key and has a shorter “hpk” JSON label. These name changes also hopefully clarified the various text describing their usage. -DW > On Jul 7, 2025, at 4:26 PM, internet-dra...@ietf.org wrote: > > Internet-Draft draft-ietf-jose-json-web-proof-10.txt is now available. It is a > work item of the Javascript Object Signing and Encryption (JOSE) WG of the > IETF. > > Title: JSON Web Proof > Authors: David Waite > Michael B. Jones > Jeremie Miller > Name: draft-ietf-jose-json-web-proof-10.txt > Pages: 32 > Dates: 2025-07-07 > > Abstract: > > The JOSE set of standards established JSON-based container formats > for Keys, Signatures, and Encryption. They also established IANA > registries to enable the algorithms and representations used for them > to be extended. Since those were created, newer cryptographic > algorithms that support selective disclosure and unlinkability have > matured and started seeing early market adoption. The COSE set of > standards likewise does this for CBOR-based containers, focusing on > the needs of environments which are better served using CBOR, such as > constrained devices and networks. > > This document defines a new container format similar in purpose and > design to JSON Web Signature (JWS) and COSE Signed Messages called a > _JSON Web Proof (JWP)_. Unlike JWS, which integrity-protects only a > single payload, JWP can integrity-protect multiple payloads in one > message. It also specifies a new presentation form that supports > selective disclosure of individual payloads, enables additional proof > computation, and adds a protected header to prevent replay. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-jose-json-web-proof-10.html > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-jose-json-web-proof-10 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > jose mailing list -- jose@ietf.org > To unsubscribe send an email to jose-le...@ietf.org _______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org
