<p dir="ltr">A</p>
<div class="gmail_quote">On May 15, 2013 2:25 PM, "Richer, Justin P." <<a href="mailto:jricher@mitre.org">jricher@mitre.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
+1 to A (with octets)
<div><br>
</div>
<div> -- Justin</div>
<div><br>
<div>
<div>On May 15, 2013, at 6:01 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:</div>
<br>
<blockquote type="cite">
<div lang="EN-US" link="blue" vlink="purple" style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I changed JWT and the JOSE specs to use “octet” over byte. Shall I do the same for the Connect specs? While it had previously been discussed in a JOSE context, no one
had previously suggested making this change for Connect.<u></u><u></u></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> -- Mike<u></u><u></u></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"><span> </span>Nat Sakimura [mailto:<a href="mailto:sakimura@" target="_blank">sakimura@</a><a href="http://gmail.com" target="_blank">gmail.com</a>]<span> </span><br>
<b>Sent:</b><span> </span>Wednesday, May 15, 2013 2:56 AM<br>
<b>To:</b><span> </span>John Bradley<br>
<b>Cc:</b><span> </span>Mike Jones; <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">
openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b><span> </span>Re: [Openid-specs-ab] c_hash and at_hash appear to be underspecified<u></u><u></u></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div>
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
Yes. A. And I keep saying this: I prefer the word "octets" to "bytes" as a byte can be different whereas an octet is deterministic. <u></u><u></u></div>
</div>
<div>
<p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></p>
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
2013/5/15 John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>><u></u><u></u></div>
<div>
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
I think A is the intended. <br>
<br>
Sent from my iPhone<u></u><u></u></div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">
<br>
On 2013-05-15, at 11:01 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" style="color:purple;text-decoration:underline" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
The specs use the language “hashing the "access_token"” and “hashing the "code"” when defining the at_hash and c_hash computations. As I see it, the value to be hashed could be any of:<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
A. The bytes of the ASCII representation access_token/code (which is the same as the UTF-8 representation because only ASCII characters may be used)<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
B. The bytes of the little-endian UTF-16 representation of the access_token/code<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
C. The bytes of the big-endian UTF-16 representation of the access_token/code<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
I assume that A is what people are actually doing, but I wanted to confirm that before clarifying the computation in the specifications.<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
-- Mike<u></u><u></u></div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u><u></u></div>
</blockquote>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color:purple;text-decoration:underline" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><u></u><u></u></div>
</blockquote>
</div>
<p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color:purple;text-decoration:underline" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><u></u><u></u></p>
</div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<br>
<br clear="all">
<u></u><u></u></div>
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div>
</div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
--<span> </span><br>
Nat Sakimura (=nat)<u></u><u></u></div>
<div>
<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" style="color:purple;text-decoration:underline" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<u></u><u></u></div>
</div>
</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div>