I’ve updated the JSON Web Key (JWK) Thumbprint specification to incorporate the JOSE working group feedback on the -00 draft from IETF 90. The two changes were:
- Said that the result is undefined if characters requiring escaping are needed in the hash input.
- Added instructions for representing integer numeric values in the hash input.
If a canonical JSON representation standard is ever adopted, this specification could be revised to use it, resulting in unambiguous definitions for those values (which are unlikely to ever occur in JWKs) as well. (Defining a complete canonical JSON representation is very much out of scope for this work!)
The specification is available at:
An HTML formatted version is also available at: