Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:
We have been having a similar discussion in ACME which is for issue of
certificates for use in TLS, email, etc.
The body of the message is going to be JSON. But the message needs to be
signed. After a number of proposals we seem to have settled on a scheme in
which the start of the message is a JSON header carrying the signature which
followed by a JSON message carrying the transaction request or response.
Okay, I'll bite.. Why don't you use JWS? That would seem to be the
appropriate way to sign JSON, no?
Derek Atkins 617-623-3745
Computer and Internet Security Consultant
openpgp mailing list