[Openid-specs-ab] c_hash and at_hash appear to be underspecified

Richer, Justin P. jricher at mitre.org
Wed May 15 21:24:58 UTC 2013 

+1 to A (with octets)

 -- Justin

On May 15, 2013, at 6:01 AM, Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:

I changed JWT and the JOSE specs to use “octet” over byte.  Shall I do the same for the Connect specs?  While it had previously been discussed in a JOSE context, no one had previously suggested making this change for Connect.

                                                            -- Mike

From: Nat Sakimura [mailto:sakimura at gmail.com<http://gmail.com>]
Sent: Wednesday, May 15, 2013 2:56 AM
To: John Bradley
Cc: Mike Jones; openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] c_hash and at_hash appear to be underspecified

Yes. A. And I keep saying this: I prefer the word "octets" to "bytes" as a byte can be different whereas an octet is deterministic.

2013/5/15 John Bradley <ve7jtb at ve7jtb.com<mailto:ve7jtb at ve7jtb.com>>
I think A is the intended.

Sent from my iPhone

On 2013-05-15, at 11:01 AM, Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
The specs use the language “hashing the "access_token"” and “hashing the "code"” when defining the at_hash and c_hash computations.  As I see it, the value to be hashed could be any of:

A.  The bytes of the ASCII representation access_token/code (which is the same as the UTF-8 representation because only ASCII characters may be used)
B.  The bytes of the little-endian UTF-16 representation of the access_token/code
C.  The bytes of the big-endian UTF-16 representation of the access_token/code

I assume that A is what people are actually doing, but I wanted to confirm that before clarifying the computation in the specifications.

                                                            -- Mike

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130515/5f59f77c/attachment.html>

More information about the Openid-specs-ab mailing list