RFC Errata System | 25 Nov 11:45 2013

[Technical Errata Reported] RFC6030 (3811)

The following errata report has been submitted for RFC6030,
"Portable Symmetric Key Container (PSKC)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6030&eid=3811

--------------------------------------
Type: Technical
Reported by: Ivan Micanovic <ivan.micanovic@...>

Section: 4.1.

Original Text
-------------
All the elements listed above (and those defined in the future)
      obey a simple structure in that they MUST support child elements
      to convey the data value in either plaintext or encrypted format:

      Plaintext:  The <PlainValue> element carries a plaintext value
         that is typed, for example, to xs:integer.

      Encrypted:  The <EncryptedValue> element carries an encrypted
         value.

Corrected Text
--------------

Notes
-----
(Continue reading)

Anders Rundgren | 7 Oct 22:22 2013
Picon

KeyGen2 - XML Exodus Completed

https://openkeystore.googlecode.com/svn/resources/trunk/docs/sks-api-arch.pdf

The resulting JSON implementation is about 200,000 lines shorter.

Cheers,
Anders
Anders Rundgren | 18 Sep 17:07 2013
Picon

Converting enrollment protocols from XML to JSON

I have "amused" myself with some initial conversions of KeyGen2 from XML to JSON.
The following shows one of the ten KeyGen2 message objects:
  
    {

        " <at> context": "http://xmlns.webpki.org/keygen2/201309018",
        " <at> qualifier": "KeyCreationRequest",
        "ServerSessionID": "S-140f2b70a3e4eefe1627b141e20",
        "ClientSessionID": "C-140f2b70ba0812f22188454b453",
        "SubmitURL": "http://issuer.example.com/keygen",
        "PUKPolicy": 
            [{
                 "ID": "PUK.1",
                 "Format": "numeric",
                 "RetryLimit": 3,
                 "Value": "mjRuOhjhtfg6d6d51Oqw",
                 "MAC": "xPr65fxq5hwvUX94Btpp5tey+yHH9iBrMLO7wQ2k5/0=",
                 "PINPolicy": 
                     [{
                          "ID": "PIN.1",
                          "Grouping": "shared",
                          "Format": "numeric",
                          "MinLength": 4,
                          "MaxLength": 8,
                          "RetryLimit": 3,
                          "PatternRestrictions": ["three-in-a-row","sequence"],
                          "MAC": "Hlzek4waNiqnWwrK83cvHE6MyoQh7N5frLEH4I3DpZ0=",
                          "KeyEntry": 
                              [{
                                   "ID": "Key.1",
                                   "KeyAlgorithm": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
                                   "AppUsage": "authentication",
                                   "MAC": "idpbhr/L/4BnaLaxz5VJHC4/XPoyp3kR/s7Dcb7ywTM="
                               },
                               {
                                   "ID": "Key.2",
                                   "KeyAlgorithm": "http://xmlns.webpki.org/sks/algorithm#rsa2048",
                                   "AppUsage": "encryption",
                                   "MAC": "6KCho59vdV3hyXlKaQl3HQFPO32GzfXFbkJh4jsbQKA="
                               }]
                      }]
             }]
    }

This should be interpreted as a request for an EC key and an RSA key where both keys are protected by a single (shared) user-defined (within the specified policy limits) PIN. The PIN is in turn governed by an issuer-defined, protocol-wise secret PUK.

Since multiple instances of properties is considered as a bad JSON practice, arrays have been used instead.
For those who are versed in XML Schemas, <at> context is essentially the same as targetNameSpace while <at> qualifier represents an "emulation" of the top-level element in an XML instance document.

The original version in XML looks considerably cooler but machines probably don't care :-)

Cheers,
Anders
<div>
    <span>I have "amused" myself with some initial conversions of
        KeyGen2 from XML to JSON.<br>
        The following shows one of the ten KeyGen2 message objects:<br>
        &nbsp;&nbsp; <br>
        &nbsp;&nbsp;&nbsp; {</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span> <at> context<span>":&nbsp;"</span><a class="moz-txt-link-freetext" href="http://xmlns.webpki.org/keygen2/201309018">http://xmlns.webpki.org/keygen2/201309018</a><span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span> <at> qualifier<span>":&nbsp;"</span>KeyCreationRequest<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ServerSessionID<span>":&nbsp;"</span>S-140f2b70a3e4eefe1627b141e20<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ClientSessionID<span>":&nbsp;"</span>C-140f2b70ba0812f22188454b453<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>SubmitURL<span>":&nbsp;"</span><a class="moz-txt-link-freetext" href="http://issuer.example.com/keygen">http://issuer.example.com/keygen</a><span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>PUKPolicy<span>":&nbsp;</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[{</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ID<span>":&nbsp;"</span>PUK.1<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>Format<span>":&nbsp;"</span>numeric<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>RetryLimit<span>":&nbsp;</span>3<span>,</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>Value<span>":&nbsp;"</span>mjRuOhjhtfg6d6d51Oqw<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MAC<span>":&nbsp;"</span>xPr65fxq5hwvUX94Btpp5tey+yHH9iBrMLO7wQ2k5/0=<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>PINPolicy<span>":&nbsp;</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[{</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ID<span>":&nbsp;"</span>PIN.1<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>Grouping<span>":&nbsp;"</span>shared<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>Format<span>":&nbsp;"</span>numeric<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MinLength<span>":&nbsp;</span>4<span>,</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MaxLength<span>":&nbsp;</span>8<span>,</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>RetryLimit<span>":&nbsp;</span>3<span>,</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>PatternRestrictions<span>":&nbsp;["</span>three-in-a-row<span>","</span>sequence<span>"],</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MAC<span>":&nbsp;"</span>Hlzek4waNiqnWwrK83cvHE6MyoQh7N5frLEH4I3DpZ0=<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>KeyEntry<span>":&nbsp;</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[{</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ID<span>":&nbsp;"</span>Key.1<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>KeyAlgorithm<span>":&nbsp;"</span><a class="moz-txt-link-freetext" href="http://xmlns.webpki.org/sks/algorithm#ec.p256">http://xmlns.webpki.org/sks/algorithm#ec.p256</a><span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>AppUsage<span>":&nbsp;"</span>authentication<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MAC<span>":&nbsp;"</span>idpbhr/L/4BnaLaxz5VJHC4/XPoyp3kR/s7Dcb7ywTM=<span>"</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;},</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>ID<span>":&nbsp;"</span>Key.2<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>KeyAlgorithm<span>":&nbsp;"</span><a class="moz-txt-link-freetext" href="http://xmlns.webpki.org/sks/algorithm#rsa2048">http://xmlns.webpki.org/sks/algorithm#rsa2048</a><span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>AppUsage<span>":&nbsp;"</span>encryption<span>",</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"</span>MAC<span>":&nbsp;"</span>6KCho59vdV3hyXlKaQl3HQFPO32GzfXFbkJh4jsbQKA=<span>"</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}]</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}]</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}]</span><br><span>&nbsp;&nbsp;&nbsp;&nbsp;}<br><br>
        This should be interpreted as a request for an EC key and an RSA
        key where both keys are protected by a single (shared)
        user-defined (within the specified policy limits) PIN. The PIN
        is in turn governed by an issuer-defined, protocol-wise secret
        PUK.<br><br>
        Since multiple instances of properties is considered as a bad
        JSON practice, arrays have been used instead.<br>
        For those who are versed in XML Schemas,  <at> context is essentially
        the same as targetNameSpace while  <at> qualifier represents an
        "emulation" of the top-level element in an XML instance
        document.<br><br>
        The original version in XML looks considerably cooler but
        machines probably don't care :-)<br><br>
        Cheers,<br>
        Anders<br></span>
  </div>
Simon Josefsson | 17 Sep 22:29 2013

OCRA test vectors for 4, 5, 7, 9 and 10 digit outputs

Could any implementer share test vectors for these cases?  They aren't
found in the RFC.  Contact me privately if you want.

/Simon
Simon Josefsson | 17 Sep 22:27 2013

OCRA without truncation

Hi,

I'm merging OCRA support into my OATH Toolkit implementation
(<http://www.nongnu.org/oath-toolkit/>) and we are discussing how OCRA
without truncation is supposed to work.

I haven't been able to figure out from the RFC what the output should be
when t=0.  There are no test vectors for that case.

A naive reader would notice this definition in section 5:

   In a nutshell,
                     OCRA = CryptoFunction(K, DataInput)

together with this from section 4.1:

   As a reminder:
                     HOTP(K,C) = Truncate(HMAC-SHA1(K,C))

and section 5.2 which specify the CryptoFunction:

   We define the HOTP family of functions as an extension to HOTP:

   1.  HOTP-H-t: these are the different possible truncated versions of
       HOTP, using the dynamic truncation method for extracting an HOTP
       value from the HMAC output

   2.  We will denote HOTP-H-t as the realization of an HOTP function
       that uses an HMAC function with the hash function H, and the
       dynamic truncation as described in [RFC4226] to extract a t-digit
       value

   3.  t=0 means that no truncation is performed and the full HMAC value
       is used for authentication purposes

so one could interpret this as when t=0, the Truncate function is not
invoked at all, and instead OCRA takes on the output value of the
HMAC-SHA1 function, which is a binary string.

Are there any implementation of OCRA with t=0?  What encoding, if any,
of the HMAC output is used?  Decimal, hex, binary?

The sample code in the RFC will always output the static code "1" as the
OCRA code for t=0, if I read the code correctly, which seems like a bug.

/Simon
Anders Rundgren | 5 Sep 21:47 2013
Picon

JCS - JSON Clear Text Signature Scheme

New name and updated documentation.

https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON-Clear-Text-Signature-Scheme.pdf

Enjoy!

Anders

Anders Rundgren | 31 Aug 05:22 2013
Picon

Updated: Re: Giving up on XML DSig => JSON

Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON
Signature scheme.

Canonicalization:
- Remove whitespace
- Unescape "strings"
- Sort properties

Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.

That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)

   {
    " <at> context": "http://example.com/test-signature",
    "Now": "2013-08-30T07:56:08+02:00",
    "ID": "lADU_sO067Wlgoo52-9L",
    "STRINGS": ["One","Two","Three"],
    "EscapeMe": "A\\\n\"",
    "Intra": 78,
    "Signature":
      {
        "SignatureInfo":
          {
            "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
            "KeyInfo":
              {
                "SignatureCertificate":
                  {
                    "Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
                    "SerialNumber": 1377713637130,
                    "Subject": "CN=example.com,O=Example Organization,C=US"
                  },
                "X509CertificatePath":
                  [
                    "MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
                  ]
              }
          },
        "SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
      },
  }

The sample shows the new KeyGen2 message structure which has been derived from JSON-LD ( <at> context)

Cheers
Anders
Anders Rundgren | 29 Aug 14:43 2013
Picon

IBM patent on JSON Signatures

http://patents.justia.com/patent/20100185869

This patent doesn't appear to apply to JWS but to my take on JSON signatures:

https://openkeystore.googlecode.com/svn/resources/trunk/docs/Enveloped-JSON-Signatures.pdf

I got this information from the patentee :-(

It is of course a bit reassuring to not be alone with an idea...

Cheers
Anders
Anders Rundgren | 29 Aug 08:53 2013
Picon

Giving up on XML DSig => JSON

Since Google doesn't support XSD or XML DSig in Android I began looking at other alternatives.
There were none :-( Now there is :-)

https://openkeystore.googlecode.com/svn/resources/trunk/docs/Enveloped-JSON-Signatures.pdf

Comments are welcome!

Cheers
Anders
Anders Rundgren | 10 Jul 07:00 2013
Picon

QR ID => OTP is approaching EOL

https://openkeystore.googlecode.com/svn/resources/trunk/docs/QR-ID-presentation.pdf

Since seeing is believing you may also try it in practice by installing
https://play.google.com/store/apps/details?id=org.webpki.mobile.android
in an Android phone.

Testing can be performed through a public web-site at:
https://mobilepki.org/scc
https://mobilepki.org/login

Anders
Hannes Tschofenig | 16 Mar 16:25 2013
Picon
Picon

HOTP Errata & Implementations

Hi all, 

in 2011 we published the TOTP with RFC 6238
http://tools.ietf.org/html/rfc6238

TOTP normatively references HOTP (RFC 4226, see http://www.ietf.org/rfc/rfc4226.txt). 

It turns out that HOTP has a few errata pending (see
http://www.rfc-editor.org/errata_search.php?rfc=4226&rec_status=2&presentation=records). 

Is anyone in this group interested to discuss these errata issues with me?

It would also be interesting to hear what people had implemented. 

Please drop me a mail. 

Ciao
Hannes


Gmane