Month: October 2014

These JOSE and JWT drafts incorporate resolutions to some previously unresolved IESG comments. The primary change was adding flattened JSON Serialization syntax for the single digital signature/MAC and single recipient cases. See http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-36#appendix-A.7 and http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.5 for examples. See the history entries for details on the few other changes. No breaking changes were made.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-36
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-36
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30

HTML formatted versions are available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-36.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-36.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-36.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-36.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-30.html

I’ve posted updated JOSE and JWT drafts that address the Applications Area Directorate review comments. Thanks to Ray Polk and Carsten Bormann for their useful reviews. No breaking changes were made.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-35
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-35
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-35
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-35
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-29

HTML formatted versions are available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-35.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-35.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-35.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-35.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-29.html

Updated JOSE and JWT specifications have been published that address the IESG review comments received. The one set of normative changes was to change the implementation requirements for RSAES-PKCS1-V1_5 from Required to Recommended- and for RSA-OAEP from Optional to Recommended+. Thanks to Richard Barnes, Alissa Cooper, Stephen Farrell, Brian Haberman, Ted Lemon, Barry Leiba, and Pete Resnick for their IESG review comments, plus thanks to Scott Brim and Russ Housley for additional Gen-ART review comments, and thanks to the working group members who helped respond to them. Many valuable clarifications resulted from your thorough reviews.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-34
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-34
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-34
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-34
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-28

HTML formatted versions are available at:

• https://self-issued.info/docs/draft-ietf-jose-json-web-signature-34.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-34.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-key-34.html
• https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-34.html
• https://self-issued.info/docs/draft-ietf-oauth-json-web-token-28.html