[Openid-specs-fapi] ISE state changed for draft-rundgren-json-canonicalization-scheme

Anders Rundgren anders.rundgren.net at gmail.com
Wed Jul 31 06:31:16 UTC 2019


The ISE state of draft-rundgren-json-canonicalization-scheme has been changed
to "Finding Reviewers" by Adrian Farrel:

https://datatracker.ietf.org/doc/draft-rundgren-json-canonicalization-scheme/

------------------------------------------------------------------------------
Now is the time throwing your rotten tomatoes :)

Note though that JCS is only an algorithm that serializes JSON data.  It has the same security characteristics as any other serializer.
If JCS is incorrectly implemented and used in a signature context, signatures will most likely not validate.
A signature that does not validate would (in any reasonably designed system NB) cause requests to be rejected which is not a security problem but a nuisance/interoperability issue.

A security problem is if you in some way could trick a system to circumvent the normal procedures; JCS does not offer such a possibility.

Anders


More information about the Openid-specs-fapi mailing list