Mike Jones: self-issued

Musings on Digital Identity

Month: December 2014

JOSE -39 drafts incorporating an additional registry field

By

On December 30, 2014

In Cryptography, JSON, Specifications

IETF logoThese drafts incorporate this additional registry field in the JSON Web Signature and Encryption Algorithms registry, based on a comment by Stephen Farrell, with input from Jim Schaad and Kathleen Moriarty:

Algorithm Analysis Documents(s):

References to publication(s) in well-known cryptographic conferences, by national standards bodies, or by other authoritative sources analyzing the cryptographic soundness of the algorithm to be registered. The designated experts may require convincing evidence of the cryptographic soundness of a new algorithm to be provided with the registration request unless the algorithm is being registered as Deprecated or Prohibited. Having gone through working group and IETF review, the initial registrations made by this document are exempt from the need to provide this information.

This addition is in the document:

An HTML formatted version is also available at:

JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments

By

On December 9, 2014

In Claims, Cryptography, JSON, Specifications

IETF logoSlightly updated JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) drafts have been published that address the last of the IESG review comments, which were follow-up comments by Stephen Farrell and Pete Resnick. All DISCUSS comments had already been addressed by the previous drafts. The one normative change is that implementations must now discard RSA private keys with an “oth” parameter when the implementation does not support private keys with more than two primes. The remaining changes were editorial improvements suggested by Pete.

The specifications are available at:

HTML formatted versions are available at:

Powered by WordPress & Theme by Anders Norén