andrewbaxter
commented
5 months ago Targetted at the ACME/JWS branch here https://github.com/andrewbaxter/fork-jsonwebtoken/pull/1
Closed andrewbaxter closed 5 months ago
andrewbaxter
commented
5 months ago Targetted at the ACME/JWS branch here https://github.com/andrewbaxter/fork-jsonwebtoken/pull/1
https://datatracker.ietf.org/doc/html/rfc7638
I republished the ring digests so that the feature could be used without matching ring versions.
The thumbprint json is hardcoded templates because I'm not sure if serde_json guarantees json string format (ordering, spacing, etc). The spec is written in such a way that quotation marks and backslashes won't appear in the serialized values so there's no risk of escape issues.
I think the readme's getting a bit crowded, but I didn't want to introduce unrelated changes here so I didn't touch it.
Aside from the unit test, I was testing with letsencrypt/pebble with EC keys and it seemed to be okay (although I switched from serde_json to hardcoded string templates after that).