Commit 9f8fe446 authored by Mark Lodato's avatar Mark Lodato
Browse files

JWS does allow arbitrary payloads (#3)

parent 60f7d857
......@@ -66,15 +66,15 @@ Columns:
## Envelope Layer (not specific to Attestations)
Property | [signing-spec] | [OpenPGP] | [JWS]/[JWT] | [PASETO] | [in-toto v1] | [JSS]
----------------------- | -------------- | --------- | ----------- | -------- | ------------ | -----
Authenticated Purpose | ✓ | ✗ | ✓ | ✗ | ✓ | ✗
Arbitrary Message Type | ✓ | ✓ | | ✗ | ✗ | ✗
Simple | ✓ | ✗ | ✗ | ✓ | ✓ | ✓
Avoids Canonicalization | ✓ | ✓ | ✓ | ✓ | ✗ | ✓
Pluggable Crypto | ✓ | ✗ | ✓ | ✗ | ✓ | ✓
Efficient Encoding | ✓ | ✗ | ✗ | ✗ | ✓ | ✗
Widely Adopted | ✗ (not yet!) | ✓ | ✓ | ✗ | ✗ | ✗
Property | [signing-spec] | [OpenPGP] | [JWS] | [JWT] | [PASETO] | [in-toto v1] | [JSS]
----------------------- | -------------- | --------- | ----- | ----- | -------- | ------------ | -----
Authenticated Purpose | ✓ | ✗ | ✓ | ✓ | ✗ | ✓ | ✗
Arbitrary Message Type | ✓ | ✓ | | ✗ | ✗ | ✗ | ✗
Simple | ✓ | ✗ | ✗ | ✗ | ✓ | ✓ | ✓
Avoids Canonicalization | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✓
Pluggable Crypto | ✓ | ✗ | ✓ | ✓ | ✗ | ✓ | ✓
Efficient Encoding | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ | ✗
Widely Adopted | ✗ (not yet!) | ✓ | ✓ | ✓ | ✗ | ✗ | ✗
Properties:
......@@ -84,11 +84,11 @@ Properties:
`_type`
- **Arbitrary Message Type:** Does the envelope support arbitrary message
types / encodings?
- ✗ PASETO, JWS/JWT, in-toto v1, JSS: only supports JSON messages
- ✗ PASETO, JWT, in-toto v1, JSS: only supports JSON messages
- **Simple:** Is the standard simple, easy to understand, and unlikely to be
implemented incorrectly?
- ✗ PGP: Enformous RFC.
- ✗ JWS/JWT: Enormous RFC, many vulnerabilities in the past.
- ✗ JWS, JWT: Enormous RFC, many vulnerabilities in the past.
- **Avoids Canonicalization:** Does the protocol avoid relying on
canonicalization for security, in order to reduce attack surface?
- ✗ in-toto v1: Relies on Canonical JSON
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment