JSON Web Signature (JWS) Unencoded Payload Option
draft-ietf-jose-jws-signing-input-options-09

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: jose-chairs@ietf.org, "Jim Schaad" <ietf@augustcellars.com>, ietf@augustcellars.com, mbj@microsoft.com, Kathleen.Moriarty.ietf@gmail.com, draft-ietf-jose-jws-signing-input-options@ietf.org, jose@ietf.org, "The IESG" <iesg@ietf.org>, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'JWS Unencoded Payload Option' to Proposed Standard (draft-ietf-jose-jws-signing-input-options-09.txt)

The IESG has approved the following document:
- 'JWS Unencoded Payload Option'
  (draft-ietf-jose-jws-signing-input-options-09.txt) as Proposed Standard

This document is the product of the Javascript Object Signing and
Encryption Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/


Ballot Text

Technical Summary

  JSON Web Signature (JWS) [RFC 7515] represents the payload as a
  base64url encoded value and uses this value in the Signature
  computation.  While this enables arbitrary payloads to be integrity
  protected, some have described use cases in which the base64url
  encoding is unnecessary and/or an impediment to adoption, especially
  when the payload is large and/or detached.  This specification defines
  an alternate signature computation method that avoids the
  requirement to base64url-encode the payload.

Working Group Summary

  This document defines an alternate method to form the octet string that
  signatures are computed over for a JWS object.  This was the main focus
  of the discussions as it means that there are now potentially two different
  messages, one with and one without base64 encoding, that will have the
  same signature value.  The group believes that this has been adequately
  addressed in the current document.
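
Added example, not part of the IESG text or the draft's own examples: the two signing inputs with HS256, using the draft's `b64` header parameter and the `crit` parameter from RFC 7515. It shows one signed object read as two different payloads by a verifier that ignores `b64`, and rejected by that verifier once `b64` is listed in `crit`; the key, the payload and the `understood` argument are constructed for the illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not from the draft

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(protected: str, body: str) -> bytes:
    # JWS signing input: ASCII(BASE64URL(header)) || '.' || payload part
    return hmac.new(KEY, f"{protected}.{body}".encode("ascii"), hashlib.sha256).digest()

def sign(header: dict, payload: bytes) -> str:
    """Compact JWS; with "b64": false the payload is signed and carried as-is."""
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    # Unencoded payloads here must be ASCII without '.' (compact form delimiter).
    body = payload.decode("ascii") if header.get("b64") is False else b64url(payload)
    return f"{protected}.{body}.{b64url(_mac(protected, body))}"

def verify(jws: str, understood=frozenset({"b64"})) -> bytes:
    """Check the MAC and return the payload octets as this verifier reads them.
    `understood` (hypothetical knob) is the set of extensions it implements."""
    protected, body, sig = jws.split(".")
    header = json.loads(b64url_decode(protected))
    unknown = set(header.get("crit", [])) - set(understood)
    if unknown:  # RFC 7515: reject critical parameters that are not understood
        raise ValueError(f"unsupported critical parameters: {sorted(unknown)}")
    if not hmac.compare_digest(_mac(protected, body), b64url_decode(sig)):
        raise ValueError("signature mismatch")
    if "b64" in understood and header.get("b64") is False:
        return body.encode("ascii")   # unencoded payload option
    return b64url_decode(body)        # RFC 7515 default

if __name__ == "__main__":
    payload = b"YWJj"  # constructed: also valid base64url, decoding to b"abc"
    loose = sign({"alg": "HS256", "b64": False}, payload)
    strict = sign({"alg": "HS256", "b64": False, "crit": ["b64"]}, payload)
    print(verify(loose))                          # aware verifier
    print(verify(loose, understood=frozenset()))  # verifier that ignores b64
    try:
        verify(strict, understood=frozenset())
    except ValueError as exc:
        print("rejected:", exc)
```
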

Document Quality

  The document comes with examples of the new signatures; these examples
  have been validated by a non-author implementation.  A number of people
  have indicated that they are either planning to implement or are
  considering implementing the change in the signature scheme here.  Note
  that the document explicitly states that the JSON Web Token community is
  not going to take this change.

Personnel

  Jim Schaad acted as the Document Shepherd and
  Kathleen Moriarty is the Responsible Area Director.



RFC Editor Note