There’s also nothing stopping the header from having a “.” in it, though, especially if it’s a private header parameter as defined in JWS § 4.3, to say nothing of the values of these parameters. In fact, it is practically guaranteed that the “jku” parameter will have “.” in it several times over, since its value is a URI.
The “.” works in the b64-armored compact version of JOSE because it is a character that does not show up in the B64url alphabet, anywhere. So you can just do a string split, then decode, then parse. Really, really simple to write, but not the case here.

Unless there’s a way to easily separate the fields before they get to a parser, this is going to be problematic to deal with. You can’t really use a regular JSON parser because you don’t know where to start/stop the parsing. You can’t split it ahead of time like with the b64-armored version because of the issues discussed here. If you’ve got a streaming parser, you might be able to do this, but that’s going to be tricky; and if you’re doing a streaming parser, I think you’d be better off going with something like the JSON Text Stream thing that’s already got an RFC definition and a handful of implementations instead of something newly invented.

— Justin

> On Mar 25, 2015, at 2:51 PM, Martin Thomson <[email protected]> wrote:
>
> If this is *only* used for detached payloads, then that's fine, but
> you then need to define it as just that. Otherwise you get the problem
> that Jim identified.
>
> JWS Detached Signature = UTF8(JWS Protected Header)) || '.' ||
> (JWS Signature)
>
> On 25 March 2015 at 14:42, Mike Jones <[email protected]> wrote:
>> As a historical note, the signature comes last in the JWS Compact
>> Serialization to enable computing it in a streaming manner, for algorithms
>> where this is possible.
>
> Yes, that is the logical place for a signature.
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
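The parsing difference discussed in this message, as an added example that is not part of the original thread: split-then-decode works for the base64url compact form, fails once the header is raw JSON containing a "jku" URI, and taking the last "." as the separator only works for the two-field detached form quoted above. All function names and sample values are constructed, and the signature is assumed to be base64url-encoded.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed sample values (not from the thread).
HEADER = {"alg": "HS256", "jku": "https://keys.example.com/set.v1.json"}
PAYLOAD = b'{"iss":"example"}'
SIGNATURE = b"\x01\x02\x03\x04constructed-signature"

def header_json(header: dict) -> str:
    return json.dumps(header, separators=(",", ":"))

def compact(header: dict, payload: bytes, sig: bytes) -> str:
    """Armored form: every field is base64url, so '.' can only be a separator."""
    return ".".join(b64url(p) for p in (header_json(header).encode(), payload, sig))

def parse_compact(token: str):
    """Split, then decode, then parse; raises ValueError unless there are 3 fields."""
    head, payload, sig = (b64url_decode(p) for p in token.split("."))
    return json.loads(head), payload, sig

def unarmored_detached(header: dict, sig: bytes) -> str:
    """UTF8(header) || '.' || signature (base64url signature is an assumption)."""
    return header_json(header) + "." + b64url(sig)

def naive_parse(text: str):
    """Split-first parsing as used for the compact form, applied to a raw JSON header."""
    fields = text.split(".")
    try:
        return json.loads(fields[0]), len(fields)
    except ValueError:  # first "field" is a truncated JSON fragment
        return None, len(fields)

def parse_detached(text: str):
    """Valid only for the two-field form, where the last '.' must be the separator."""
    head, sep, sig = text.rpartition(".")
    if not sep:
        raise ValueError("no separator found")
    return json.loads(head), b64url_decode(sig)

if __name__ == "__main__":
    print(parse_compact(compact(HEADER, PAYLOAD, SIGNATURE)))
    print(naive_parse(unarmored_detached(HEADER, SIGNATURE)))
    print(parse_detached(unarmored_detached(HEADER, SIGNATURE)))
```

`parse_detached` stops working as soon as a third unencoded field, such as a payload, sits between header and signature, because neither the first nor the last "." then identifies a field boundary.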
