This seems like a reasonable change to me and the rationale stated below makes
sense. What do others think?
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Vladimir Dzhuvinov / NimbusDS
Sent: Thursday, September 20, 2012 8:54 AM
To: [email protected]
Subject: [jose] Use JSON array for JWS/JWE x5c parameter?
Hi guys,
If I understand correctly, the JWS and JWE specs say that the "x5c"
parameter is a JSON string:
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05#section-4.1.6
The example:
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05#appendix-B
Wouldn't it be more sensible to use a JSON array to represent the chain of
X.509 certs, instead of a string of concatenated B64 data with "-----BEGIN
CERTIFICATE-----" and "-----END CERTIFICATE-----"
delimiters?
My case for using a JSON array:
1. A single parse of the header will do the chain as well - saves an extra
non-JSON parse operation to split the x5c into chunks.
2. Saves space.
3. Makes better use of the existing JSON header structure.
I suppose the current format was influenced by how X.509 chains are typically
exported by programs for file transfer/storage. However, in the case of
JWS/JWE, the x5c parameter will be created programmatically and there a JSON
array fits better.
What do you guys think?
Cheers,
Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : [email protected]
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
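
An added illustration of points 1 and 2 in the message above, not code from the thread or from the drafts it links: it builds the same header in both encodings and parses each one strictly. The stand-in certificate bytes, the `alg` value and the function names are constructed for the example, and base64-of-DER array elements are an assumption about the proposed array form.

```python
import base64
import binascii
import json
import re

# Constructed stand-ins for two DER certificates (not real X.509 data).
SAMPLE_CHAIN = [b"\x30\x82" + bytes(range(200)), b"\x30\x82" + bytes(range(50, 250))]
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

def _b64(text):
    """Strict base64 decode: stray characters are an error, not skipped."""
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError("x5c entry is not valid base64") from exc

def header_with_string(chain):
    """x5c as one JSON string of delimited, concatenated base64 blocks."""
    pem = "".join(f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n" for der in chain)
    return json.dumps({"alg": "RS256", "x5c": pem}, separators=(",", ":"))

def header_with_array(chain):
    """x5c as a JSON array; base64-of-DER elements are an assumption."""
    certs = [base64.b64encode(der).decode() for der in chain]
    return json.dumps({"alg": "RS256", "x5c": certs}, separators=(",", ":"))

def parse_string_form(header_json):
    x5c = json.loads(header_json)["x5c"]
    if not isinstance(x5c, str):
        raise ValueError("x5c must be a string in this form")
    blocks = PEM_BLOCK.findall(x5c)
    # The extra non-JSON parse: reject anything outside the delimiters.
    if not blocks or PEM_BLOCK.sub("", x5c).strip():
        raise ValueError("unexpected data outside certificate delimiters")
    return [_b64("".join(block.split())) for block in blocks]

def parse_array_form(header_json):
    x5c = json.loads(header_json)["x5c"]
    if not isinstance(x5c, list) or not x5c or not all(isinstance(e, str) for e in x5c):
        raise ValueError("x5c must be a non-empty array of strings")
    return [_b64(entry) for entry in x5c]

if __name__ == "__main__":
    for build, parse in ((header_with_string, parse_string_form),
                         (header_with_array, parse_array_form)):
        header = build(SAMPLE_CHAIN)
        print(build.__name__, len(header), "bytes,", len(parse(header)), "certs")
```
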