Archive for the 'Cryptography' Category

April 6, 2016
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) is now RFC 7800

IETF logoThe Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) specification is now RFC 7800 – an IETF standard. The abstract describes the specification as:

This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of-possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.

Thanks to John Bradley, Hannes Tschofenig, and the OAuth working group for their work on this specification.

April 4, 2016
Using RSA Algorithms with COSE Messages

IETF logoI have published draft-jones-cose-rsa, which defines algorithm encodings and representations enabling RSA algorithms to be used for COSE messages. This addresses COSE Issue #21: Restore RSA-PSS and the “RSA” key type. The initial version of this specification incorporates text from draft-ietf-cose-msg-05 – the last COSE message specification version before the RSA algorithms were removed.

The specification is available at:

An HTML-formatted version is also available at:

February 25, 2016
JWS Unencoded Payload Option is now RFC 7797

IETF logoThe JWS Unencoded Payload Option specification is now RFC 7797 – an IETF standard. The abstract describes the specification as:

JSON Web Signature (JWS) represents the payload of a JWS as a base64url-encoded value and uses this value in the JWS Signature computation. While this enables arbitrary payloads to be integrity protected, some have described use cases in which the base64url encoding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not base64url-encode the payload. This option is intended to broaden the set of use cases for which the use of JWS is a good fit.

This specification updates RFC 7519 by stating that JSON Web Tokens (JWTs) MUST NOT use the unencoded payload option defined by this specification.

This option is used by including the header parameters "b64":false and "crit":["b64"]. JWTs never use this option.

February 8, 2016
W3C Web Authentication Working Group

W3C logoThe W3C approved the Web Authentication Working Group charter today and announced the first working group meeting, which will be on March 4, 2016 in San Francisco. The initial input to the working group was the member submission of FIDO 2.0 Platform Specifications.

December 23, 2015
JWS Unencoded Payload Option spec addressing Stephen Farrell’s review

IETF logoJWS Unencoded Payload Option draft -09 addresses Stephen Farrell’s IESG review. In particular, the use of “crit” is now required with “b64”. This should be the version that is sent to the RFC Editor.

The specification is available at:

An HTML-formatted version is also available at:

December 18, 2015
Proof-of-Possession Key Semantics for JWTs spec addressing remaining comments

OAuth logoProof-of-Possession Key Semantics for JWTs draft -11 addresses Sec-Dir review comments by Chris Lonvick and ballot comments by Stephen Farrell. This should enable clearing the “point raised” status from yesterday’s IESG telechat and progressing the document to the RFC Editor.

The specification is available at:

An HTML-formatted version is also available at:

December 17, 2015
JWS Unencoded Payload Option spec for IESG telechat

IETF logoJWS Unencoded Payload Option draft -08 was published for consideration on the IESG telechat later today. The changes addressed Gen-Art review comments by Robert Sparks, Ops-Dir review comments by Stefan Winter, and ballot comments by Benoit Claise and Ben Campbell. Normative text was added describing the use of “crit” with “b64”.

The specification is available at:

An HTML-formatted version is also available at:

December 17, 2015
Proof-of-Possession Key Semantics for JWTs spec for IESG telechat

OAuth logoProof-of-Possession Key Semantics for JWTs draft -10 was published for consideration on the IESG telechat later today. All changes were editorial and addressed ballot comments by Barry Leiba.

The specification is available at:

An HTML-formatted version is also available at:

December 13, 2015
JWS Unencoded Payload Option spec addressing Gen-Art and Sec-Dir comments

IETF logoDraft -07 of the JWS Unencoded Payload Option specification addresses Gen-Art review comments by Robert Sparks and Sec-Dir review comments by Benjamin Kaduk. Thanks to both of you for your useful reviews!

The specification is available at:

An HTML-formatted version is also available at:

December 4, 2015
CBOR Web Token (CWT) spec for the ACE working group

IETF logoAfter input from many interested people, IETF Security Area Director Kathleen Moriarty decided that the right place for the CBOR Web Token (CWT) work is the ACE working group. Today Erik Wahlström posted a new draft of the CBOR Web Token (CWT) specification that is intended for ACE.

This version of the spec references the JSON Web Token (JWT) claim definitions, rather than repeating them, and intentionally only includes equivalents of the claims defined by the JWT spec. Other CWT claims, including those needed by ACE applications, will be defined by other specs and registered in the CWT claims registry.

The specification is available at:

An HTML-formatted version is also available at:

November 30, 2015
Proof-of-Possession Key Semantics for JWTs spec addressing additional AD comments

OAuth logoProof-of-Possession Key Semantics for JWTs draft -08 addresses additional Area Director review comments. A security consideration about utilizing audience restriction in combination with proof-of-possession was added. Thanks to John Bradley for working on the additional wording with me.

The specification is available at:

An HTML formatted version is also available at:

November 24, 2015
Proof-of-Possession Key Semantics for JWTs spec addressing Area Director comments

OAuth logoProof-of-Possession Key Semantics for JWTs draft -07 addresses review comments by our Area Director, Kathleen Moriarty, as well as comments by Hannes Tschofenig and Justin Richer. This should hopefully enable IETF last call.

The specification is available at:

An HTML formatted version is also available at:

November 24, 2015
JWS Unencoded Payload Option spec addressing Area Director comments

IETF logoDraft -06 of the JWS Unencoded Payload Option specification addresses review comments by our Area Director, Kathleen Moriarty. This should hopefully enable IETF last call.

The specification is available at:

An HTML formatted version is also available at:

November 18, 2015
JWS Unencoded Payload Option spec with reworked security considerations

IETF logoDraft -05 of the JWS Unencoded Payload Option specification reworked the security considerations text on preventing confusion between encoded and unencoded payloads.

The specification is available at:

An HTML formatted version is also available at:

November 12, 2015
CBOR Web Token (CWT)

IETF logoI know that some of you have been following the IETF’s work on the CBOR Object Signing and Encryption (COSE) Working group on creating a Concise Binary Object Representation (CBOR) equivalent of the JSON-based cryptographic data formats produced by the JSON Object Signing and Encryption (JOSE) Working group. I’m happy to announce that work has now started on a CBOR Web Token (CWT) specification: a CBOR mapping of the JSON Web Token (JWT) security token format that was built using the JOSE specifications. While I expect JSON and the JOSE/JWT specs to continue be used in most Web, PC, phone, tablet, cloud, and enterprise contexts, the COSE specs and now CWT are designed for use in constrained environments, such as those for some Internet of Things (IoT) devices.

Just as it was important to have a JSON-based security token format for applications using JSON, it will be important to have a CBOR-based security token format for applications using CBOR. CBOR Web Token (CWT) fills that role. Note that what is actually defined is a general cryptographically secured CBOR data structure, enabling CWTs to be used as general application payloads for CBOR-based applications.

The abstract of the specification is:

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value.

My thanks to Erik Wahlström and Hannes Tschofenig for helping to make this happen!

Finally, I’ll note that just as the suggested pronunciation of JWT is the same as the English word “jot”, the suggested pronunciation of CWT is the same as the English word “cot”. So welcome to “cots”!

The specification is available at:

An HTML formatted version is also available at:

November 11, 2015
JWS Unencoded Payload Option spec addressing shepherd comments

IETF logoDraft -04 of the JWS Unencoded Payload Option specification addresses the shepherd comments. Thanks to Jim Schaad for his careful review. The primary change was adding additional security considerations text, including describing when “crit” should be used.

The specification is available at:

An HTML formatted version is also available at:

November 4, 2015
Proof-of-Possession Key Semantics for JWTs spec addressing final shepherd comment

OAuth logoProof-of-Possession Key Semantics for JWTs draft -06 addresses the remaining document shepherd comment – adding use case diagrams to the introduction.

The updated specification is available at:

An HTML formatted version is also available at:

October 19, 2015
Proof-of-Possession Key Semantics for JWTs spec addressing document shepherd comments

OAuth logoProof-of-Possession Key Semantics for JWTs draft -05 addresses Kepeng Li’s document shepherd comments (other than adding some use case diagrams in the introduction, which will happen soon).

The updated specification is available at:

An HTML formatted version is also available at:

October 13, 2015
JWS Unencoded Payload Option spec addressing WGLC comments

IETF logoDraft -03 of the JWS Unencoded Payload Option specification addresses the working group last call comments received. Thanks to Jim Schaad, Vladimir Dzhuvinov, John Bradley, and Nat Sakimura for the useful comments. Changes were:

  • Allowed the ASCII space character and all printable ASCII characters other than period (‘.’) in non-detached unencoded payloads using the JWS Compact Serialization.
  • Updated the abstract to say that that the spec updates RFC 7519.
  • Removed unused references.
  • Changed the change controller to IESG.

The specification is available at:

An HTML formatted version is also available at:

September 13, 2015
JWS Unencoded Payload Option -02

IETF logoDraft -02 of the JWS Unencoded Payload Option specification makes these updates:

  • Required that “b64” be integrity protected.
  • Stated that if the JWS has multiple signatures and/or MACs, the “b64” Header Parameter value MUST be the same for all of them.
  • Stated that if applications use content encoding, they MUST specify whether the encoded or unencoded payload is used as the JWS Payload value.
  • Reorganized the Unencoded Payload Content Restrictions section.
  • Added an “updates” clause for RFC 7519 because this specification prohibits JWTs from using "b64":false.

Thanks for the working group feedback that resulted in these improvements.

The specification is available at:

An HTML formatted version is also available at:

Next »