Draft -02 of the JWS Unencoded Payload Option specification makes these updates:
* Required that "b64" be integrity protected. * Stated that if the JWS has multiple signatures and/or MACs, the "b64" Header Parameter value MUST be the same for all of them. * Stated that if applications use content encoding, they MUST specify whether the encoded or unencoded payload is used as the JWS Payload value. * Reorganized the Unencoded Payload Content Restrictions section. * Added an "updates" clause for RFC 7519 because this specification prohibits JWTs from using "b64":false. Thanks for the working group feedback that resulted in these improvements. The specification is available at: * https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-02 An HTML formatted version is also available at: * http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-02.html -- Mike P.S. This note is also posted at http://self-issued.info/?p=1456 and as @selfissued<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cmichael.jones%40microsoft.com%7c3a69db7b8b6c4d47da0f08d2937a3d82%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ggurSMkRVW%2bR8Nv93Mnbsf16CmVGqfjB9lW8SV5gAKM%3d>.
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
