Last Call: <draft-ietf-jose-jws-signing-input-options-06.txt> (JWS Unencoded Payload Option) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has received a request from the Javascript Object Signing and
Encryption WG (jose) to consider the following document:
- 'JWS Unencoded Payload Option'
  <draft-ietf-jose-jws-signing-input-options-06.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-12-09. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   JSON Web Signature (JWS) represents the payload of a JWS as a
   base64url encoded value and uses this value in the JWS Signature
   computation.  While this enables arbitrary payloads to be integrity
   protected, some have described use cases in which the base64url
   encoding is unnecessary and/or an impediment to adoption, especially
   when the payload is large and/or detached.  This specification
   defines a means of accommodating these use cases by defining an
   option to change the JWS Signing Input computation to not base64url-
   encode the payload.  This option is intended to broaden the set of
   use cases for which the use of JWS is a good fit.

   This specification updates RFC 7519 by prohibiting the use of the
   unencoded payload option in JSON Web Tokens (JWTs).




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/ballot/


No IPR declarations have been submitted directly on this I-D.





[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux