With draft-ietf-jose-jws-signing-input-options-01 the "b64" member in the header changes two things: 1) whether or not the payload bytes are base64url-encoded before being used as input bytes to the signing algorithm; and 2) whether the "payload" member of a JWS JSON serialization holds the base64url-encoding of the payload bytes, or a JSON-string-encoding of the payload Unicode characters.
It would be better if the "b64" member only did the first of these. A new member of the JWS JSON serialization should be defined for the second item. For instance, define a member called "pld" or "raw" or "payload2" or "content" that is a string whose UTF-8-encoding (after removing any JSON escapes) is the payload bytes. The draft-ietf-jose-jws-signing-input-options-01 design is particularly poor as when you look at a JWS JSON serialization you can see the "payload" value but you cannot tell if it is base64url-encoded or raw until you base64url-decode the "protected" value to look for a "b64" member. -- James Manger
jose mailing list: https://www.ietf.org/mailman/listinfo/jose
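The following is an added worked example, not part of the message above or of the draft itself. It implements the draft's "b64" behaviour for HS256 (signing input is the base64url protected header, a '.', then either the base64url payload or the raw payload bytes), builds the JWS JSON serialization the message describes, and shows the ambiguity concretely: the raw payload "YWJjZA" and the base64url encoding of "abcd" produce an identical "payload" member, so a reader must decode "protected" to learn which one it is. The last two functions illustrate the alternative the message proposes, using "raw" as the separate member name (one of the names suggested; the name is an assumption). The key and payloads are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed example key; not a real secret.
KEY = b"constructed-example-hmac-key-for-jws-demo"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def signing_input(protected_b64: str, payload: bytes, b64: bool) -> bytes:
    # "b64" decides only what follows the '.': BASE64URL(payload) or the raw bytes.
    payload_part = b64url(payload).encode("ascii") if b64 else payload
    return protected_b64.encode("ascii") + b"." + payload_part


def sign_hs256(key: bytes, payload: bytes, b64: bool) -> dict:
    """JWS JSON serialization as in draft -01: one "payload" member, two meanings."""
    header = {"alg": "HS256"}
    if not b64:
        header["b64"] = False
        header["crit"] = ["b64"]  # draft requires b64 to be marked critical
    protected_b64 = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    sig = hmac.new(key, signing_input(protected_b64, payload, b64), hashlib.sha256).digest()
    # Same member carries base64url text when b64 is true and the raw UTF-8 text otherwise.
    payload_member = b64url(payload) if b64 else payload.decode("utf-8")
    return {"payload": payload_member, "protected": protected_b64, "signature": b64url(sig)}


def payload_encoding(jws: dict) -> str:
    """The "payload" string alone is ambiguous; only the protected header tells."""
    header = json.loads(b64url_decode(jws["protected"]))
    return "base64url" if header.get("b64", True) else "raw"


def verify_hs256(key: bytes, jws: dict) -> Optional[bytes]:
    """Return the payload bytes if the signature verifies, else None."""
    header = json.loads(b64url_decode(jws["protected"]))
    b64 = header.get("b64", True)  # absent means base64url-encoded (RFC 7515 behaviour)
    payload = b64url_decode(jws["payload"]) if b64 else jws["payload"].encode("utf-8")
    expected = hmac.new(key, signing_input(jws["protected"], payload, b64), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
        return None
    return payload


def sign_hs256_separate_member(key: bytes, payload: bytes, b64: bool) -> dict:
    """Proposed alternative: signing input unchanged, but a raw payload goes in a
    distinct member ("raw" is a hypothetical name) instead of reusing "payload"."""
    jws = sign_hs256(key, payload, b64)
    if not b64:
        jws["raw"] = jws.pop("payload")
    return jws


def payload_encoding_separate_member(jws: dict) -> str:
    # No header decoding needed: the member name itself says which encoding is used.
    return "raw" if "raw" in jws else "base64url"


if __name__ == "__main__":
    a = sign_hs256(KEY, b"abcd", True)      # payload member is BASE64URL(b"abcd")
    b = sign_hs256(KEY, b"YWJjZA", False)   # payload member is the raw text "YWJjZA"
    print(a["payload"] == b["payload"], payload_encoding(a), payload_encoding(b))
    print(verify_hs256(KEY, a), verify_hs256(KEY, b))
```

Running the module prints that the two "payload" members are identical even though the signed payloads differ, and that verification recovers "abcd" for the first and "YWJjZA" for the second. A verifier that guessed the encoding from the string alone would compute the wrong signing input; the header must be parsed first, which is exactly the inconvenience the message objects to.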
