On 2015-01-13 22:15, Mike Jones wrote:
Then we also need to delete this sentence in
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-39#appendix-B,
since it’s incorrect:
Note that since these strings contain
base64 encoded (not base64url encoded) values, they are allowed to
contain white space and line breaks.
Good!
So then the only remaining issue may be how to cope with the fragmentation
that will occur if the JOSE WG ignores the XML to JSON converts who can't
imagine dressing business messages in Base64URL:
https://openkeystore.googlecode.com/svn/wcpp-payment-demo/trunk/docs/messages.html#UserAuthorizesTransaction
Cheers,
Anders
https://mobilepki.org/jcs
Thanks for the last-minute catch!
-- Mike
*From:*John Bradley [mailto:[email protected]]
*Sent:* Tuesday, January 13, 2015 11:50 AM
*To:* Mike Jones
*Cc:* Anders Rundgren; [email protected]
*Subject:* Re: [jose] "x5c" - JSON Compatible?
Mike,
According to [RFC4648] Section 4
<https://tools.ietf.org/html/rfc4648#section-4> whitespace are not valid
base64 encoding characters.
Older PEM specifications required breaking up into lines of 64 characters.
Most base64 decoders ignore whitespace to be backwards compatible, but that
doesn't make whitespace valid to produce.
Some software like openSSL will need the strings "-----BEGIN CERTIFICATE-----" and
"-----END CERTIFICATE-----" appended and line breaks added for import.
I don't see the text about including line breaks in the current draft 39 Sec
4.7. of JWK.
I think the only thing required is the note about line breaks within values
being for display only is all that is needed.
So no whitespace in the value and applications add it if required for importing
as a PEM encoded cert.
John B.
On Jan 13, 2015, at 3:33 PM, Mike Jones <[email protected]
<mailto:[email protected]>> wrote:[RFC4648] Section 4
<https://tools.ietf.org/html/rfc4648#section-4>
We should add the standard disclaimer “(with line breaks within values for
display purposes only)” to the description of the example.
-- Mike
*From:*jose [mailto:[email protected]]*On Behalf Of*Mark Watson
*Sent:*Tuesday, January 13, 2015 8:53 AM
*To:*Anders Rundgren
*Cc:*Richard Barnes;[email protected] <mailto:[email protected]>
*Subject:*Re: [jose] "x5c" - JSON Compatible?
On Tue, Jan 13, 2015 at 4:13 AM, Anders Rundgren <[email protected]
<mailto:[email protected]>> wrote:
On 2015-01-13 12:35, Richard Barnes wrote:
On Tuesday, January 13, 2015, Anders Rundgren <[email protected]
<mailto:[email protected]><mailto:[email protected]
<mailto:[email protected]>>> wrote:
The spec claims the following:
"Note that since these strings contain base64 encoded
(not base64url encoded) values, they are allowed to contain
white space and line breaks."
Is this really JSON compliant?
I didn't interpret the JSON spec in that way and Python and Chrome
seems to agree with me.
What's I'm missing here?
Are you seriously suggesting that JSON strings can't contain white space?
Control characters have to be escaped, but they can definitely be there.
JSON.parse('["this is...\\u000A...a string"]')
Sure, but the example in appendix B wouldn't parse.
Shouldn't a proper text say that possible line-breaks MUST be properly
escaped.
Line breaks in JSON do have to be escaped, either as above or with \r \n. This
is clear atwww.json.org <http://www.json.org/>.
…Mark
Anders
--Richard
Cheers
Anders
_________________________________________________
jose mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/__listinfo/jose<https://www.ietf.org/mailman/listinfo/jose>
_______________________________________________
jose mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
