Mike Jones: self-issued

The Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) specification is now RFC 7800 – an IETF standard. The abstract describes the specification as:

This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of-possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.

Thanks to John Bradley, Hannes Tschofenig, and the OAuth working group for their work on this specification.

No Comments » Posted under Cryptography & JSON & OAuth & Specifications

I have published draft-jones-cose-rsa, which defines algorithm encodings and representations enabling RSA algorithms to be used for COSE messages. This addresses COSE Issue #21: Restore RSA-PSS and the “RSA” key type. The initial version of this specification incorporates text from draft-ietf-cose-msg-05 – the last COSE message specification version before the RSA algorithms were removed.

The specification is available at:

• http://tools.ietf.org/html/draft-jones-cose-rsa-00

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-jones-cose-rsa-00.html

No Comments » Posted under CBOR & Cryptography & Specifications