Anders is right that "alg":"none" enables the same base64url-encoded JWS
container format to be used both for signed and unsigned content. That's why
"none" is compelling for some use cases - especially those in which signing can
be optional.
-- Mike
-----Original Message-----
From: jose <[email protected]> On Behalf Of Anders Rundgren
Sent: Wednesday, May 2, 2018 11:16 PM
To: [email protected]
Subject: [jose] Rationale for keeping the JWS "none" algorithm
A reason for keeping the "none" algorithms is because JWS is an intrusive
scheme where the signature container effectively becomes the primary "message".
If you want messages to only OPTIONALLY be signed you get a rather quirky
system unless you have a "none" algorithm.
Cleartext JWS
(https://tools.ietf.org/id/draft-erdtman-jose-cleartext-jws-00.html) OTOH,
doesn't need a "none" algorithm since an unsigned message simply wouldn't
contain a signature property.
Unsigned Message:
{
"mydata":...
}
Message Signed with Cleartext JWS:
{
"mydata":...,
"signature": {
....
}
}
BTW, if the verifier doesn't enforce a policy including accepted Algorithms,
Keys to trust, Key identification mechanisms, Anticipated extensions etc. all
bets are off for any signature solution even if the signature software is
"perfect" :-)
Anders
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
