[Openid-specs-fapi] I-D: draft-jordan-jws-ct-00
stuart at biza.io
Sat Nov 21 23:17:36 UTC 2020
If I understand this spec correctly the intent is to place a signature as
an inline attribute to the original payload (i.e. add a `signature` key)?

I'm not so sure I'm on board with inline modification of the original
payload for a signature of the payload itself. I raise this because parsing
then modifying a payload to return it back to its original state before
being able to verify it in the first place seems counterintuitive.

Have you considered a "JWS/JWE like" envelope instead? i.e.:
On Fri, Nov 20, 2020 at 10:42 PM Anders Rundgren via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:
> This document describes a method for extending the scope of the JSON
> Web Signature (JWS) standard, called JWS/CT. By combining the
> detached mode of JWS with the JSON Canonicalization Scheme (JCS),
> JWS/CT enables JSON objects to remain in the JSON format after being
> signed (aka "Clear Text" signing).
> On-line service for testing/evaluation: https://mobilepki.org/jws-ct
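The verification flow discussed in this thread, as an added example that is not part of either message or of the draft's own code: a detached compact JWS is stored in a `signature` property, and the verifier must parse the object, strip that property and re-canonicalize before it can check anything. Assumptions: HS256 with a shared key, the property name `signature`, and a simplified canonicalizer standing in for full JCS (RFC 8785).

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def canonicalize(obj) -> bytes:
    # Simplified stand-in for JCS (RFC 8785): only safe for ASCII keys and
    # string/integer/boolean/null values. Real JCS also pins number formatting.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode()

def _mac(key: bytes, header_b64: str, payload_b64: str) -> bytes:
    signing_input = f"{header_b64}.{payload_b64}".encode()
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def sign(obj: dict, key: bytes, prop: str = "signature") -> dict:
    if prop in obj:
        raise ValueError("object already has a signature property")
    header_b64 = b64u(canonicalize({"alg": "HS256"}))
    sig_b64 = b64u(_mac(key, header_b64, b64u(canonicalize(obj))))
    # Detached compact JWS: the payload segment between the dots is empty.
    return {**obj, prop: f"{header_b64}..{sig_b64}"}

def verify(text: str, key: bytes, prop: str = "signature") -> dict:
    obj = json.loads(text)
    if not isinstance(obj, dict) or not isinstance(obj.get(prop), str):
        raise ValueError("missing signature property")
    # The step questioned in the reply: strip the property to recover the signed data.
    unsigned = {k: v for k, v in obj.items() if k != prop}
    parts = obj[prop].split(".")
    if len(parts) != 3 or parts[1] != "":
        raise ValueError("not a detached compact JWS")
    header = json.loads(b64u_decode(parts[0]))
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = _mac(key, parts[0], b64u(canonicalize(unsigned)))
    if not hmac.compare_digest(expected, b64u_decode(parts[2])):
        raise ValueError("signature mismatch")
    return unsigned  # only data that passed verification leaves this function
```

Callers should consume the object returned by `verify`, not the parsed input, so that nothing is acted on before the signature check has passed.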