[Openid-specs-fapi] I-D: draft-jordan-jws-ct-00
Stuart Low
stuart at biza.io
Sat Nov 21 23:17:36 UTC 2020
If I understand this spec correctly the intent is to place a signature as
an inline attribute to the original payload (ie. add a `signature` key)?
I'm not so sure I'm onboard with inline modification of the original
payload for a signature of the payload itself. I raise this because parsing
then modifying a payload to return it back to it's original state before
being able to verify it in the first place seems counter intuitive.
Have you considered a "JWS/JWE like" envelope instead? ie:
{
"signature": "abc"
},
{
"payload1": "x"
"payload2": "y"
}
Thanks,
Stuart
On Fri, Nov 20, 2020 at 10:42 PM Anders Rundgren via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:
> https://www.ietf.org/archive/id/draft-jordan-jws-ct-00.html
>
> Abstract:
> This document describes a method for extending the scope of the JSON
> Web Signature (JWS) standard, called JWS/CT. By combining the
> detached mode of JWS with the JSON Canonicalization Scheme (JCS),
> JWS/CT enables JSON objects to remain in the JSON format after being
> signed (aka "Clear Text" signing).
>
> On-line service for testing/evaluation: https://mobilepki.org/jws-ct
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20201122/ee0af562/attachment.html>
More information about the Openid-specs-fapi
mailing list