On 12/11/2013 11:03 PM, Anders Rundgren wrote: > I have one comment to this. SM (Secure Messaging) differs from its > JOSE counterpart in several ways. One difference I believe is > particularly significant is SM's ability to sign data "as is" rather > than requiring conversion of the payload to base64.
Good point, as we found base64 encoding the payload (while an easier solution) to be more difficult to debug when dealing with typical Web stack debugging tools and messages. That is, this pushes the burden onto the Web developer when the burden should be on the implementers of the digital signature mechanism (SM / JOSE). For example, when transmitting and receiving signed data, a developer would have to do an extra step of base64 decoding the payload to see the data that was sent while trying to debug an issue with the contents of the payload. While this sounds like a fairly benign issue, the process would have to be done many, many times throughout the day leading to mental fatigue. You could make the argument that tools will be developed for this requirement. The counter-argument being that it would be better to eliminate the tool than require more applications to be added to the stack of tools required to do Web development. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Worlds First Web Payments Workshop http://www.w3.org/2013/10/payments/ _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
