On Mon, 22 Oct 2012 15:20:01 -0400 Daniel Holth <dho...@gmail.com> wrote: > > The decoded contents are like the JSON documents at > http://www.python.org/dev/peps/pep-0427/#json-web-signatures-extensions > > Signing is implemented at: > https://bitbucket.org/dholth/wheel/src/tip/wheel/signatures/__init__.py?at=default#cl-25 > > The SHA-256 hash of RECORD is what is signed together with JWS > signature header. The JWS spec elaborates on the general format.
Thank you. Could you fix the terminology in the PEP? You are using the term "payload" in a different sense from the JWS draft. Specifically, the PEP should mention that the "JWS Payload" is the binary contents of the RECORD file. What you are calling payload is actually the "JWS Signature". Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
