Sorry - the note below was sent to the wrong thread. Please disregard.
________________________________
From: Mike Jones<mailto:[email protected]>
Sent: 2/2/2015 1:22 PM
To: Stephen Farrell<mailto:[email protected]>; Richard
Barnes<mailto:[email protected]>
Cc: Jim Schaad<mailto:[email protected]>;
[email protected]<mailto:[email protected]>; ⌘ Matt Miller<mailto:[email protected]>
Subject: Re: [jose] Working Group last call on draft-ietf-jose-jwk-thumbprint
Internal Microsoft IoT people (in different groups from mine) are sending me
requests like this...
-- Mike
The JWT’s signature rules are particular about JSON in UTF-8 and base64
encoding is required and as the IoT customers we run into are extremely
concerned about data transfer volume, every byte we can save there counts and
signature values do add up quickly. Encodings like the ones I listed above
encode arrays of octets as such.
For illustration of the bandwidth greed: there are network operators like
Sigfox that sell data plans with an allowance of 140 messages per device and
per day with 12 bytes (!) per message in payload. I’m not suggesting that we do
anything with JWTs in that particular case, but this marks the lower end of a
spectrum of which LTE marks the ultra-expensive top when you look at commercial
M2M data contracts. Payloads of 100+ bytes are big for many solutions.
The majority of the work in the current JOSE drafts appears to be reusable for
the other encoding types of the “JSON structural family” like the ones I
enumerated above, except for the actual signature construction and the
text-biased token encoding using base64.
The context in which I’m looking at JWT/JWS is for message-level payload
signatures for the purposes of origin attestation and authorization, whereby
the signing keys are derived keys scoped to the particular operation/message. A
signed payload message might look suspiciously like a JWT.
-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Stephen Farrell
Sent: Friday, January 23, 2015 10:04 AM
To: Richard Barnes
Cc: Jim Schaad; [email protected]; ⌘ Matt Miller
Subject: Re: [jose] Working Group last call on draft-ietf-jose-jwk-thumbprint
On 23/01/15 17:57, Richard Barnes wrote:
>> >
>> > I think it's at least arguable that that'd be worth the code to
>> > produce a hashed SPKI and better than either aiming for the
>> > simplest possible code, or for the current hash input from the
>> > draft.
>> >
> Dude, seriously. The whole point of this WG is to not do ASN.1.
Yeah well, it's just a different fixed template so it's not "doing" ASN.1 at
all really, or only about as much as PKCS#1 requires, which is almost nothing.
And SPKI formatted export of public keys is supported directly in lots of
crypto libraries, incl. WebCrypto so it's probably even less lines of code if
the key was already imported/generated. And it is the same as some other
protocols use, providing interop, which is also the whole point of this and
other WGs I'd guess (...dude:-)
S.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
