[Openid-specs-fapi] ISE state changed for draft-rundgren-json-canonicalization-scheme
Anders Rundgren
anders.rundgren.net at gmail.com
Wed Jul 31 06:31:16 UTC 2019
The ISE state of draft-rundgren-json-canonicalization-scheme has been changed
to "Finding Reviewers" by Adrian Farrel:
https://datatracker.ietf.org/doc/draft-rundgren-json-canonicalization-scheme/
------------------------------------------------------------------------------
Now is the time throwing your rotten tomatoes :)
Note though that JCS is only an algorithm that serializes JSON data. It has the same security characteristics as any other serializer.
If JCS is incorrectly implemented and used in a signature context, signatures will most likely not validate.
A signature that does not validate would (in any reasonably designed system NB) cause requests to be rejected which is not a security problem but a nuisance/interoperability issue.
A security problem is if you in some way could trick a system to circumvent the normal procedures; JCS does not offer such a possibility.
Anders
More information about the Openid-specs-fapi
mailing list