The spec mentions that some values can be decoded/encoded with a non-constant-time base64 encoding and secret values should use a constant-time base64.
To reduce the error, when implementing this spec, it should define two encoding functions, `base64url_safe` and `base64url_unsafe`, and use these for the appropriate values.
As far as I have seen, most uses of base64 are for non-secret data, but to be honest I'm not sure. Which explains this issue. :laughing:
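
One way the two-function split proposed above could look, as an added example that is not part of the original issue or of the spec. The signatures, the helper names (`gt_mask`, `sextet_safe`, `sextet_unsafe`, `encode`) and the unpadded output are assumptions; only the names `base64url_safe` and `base64url_unsafe` come from the issue.

```c
#include <stddef.h>
#include <stdint.h>

/* All-ones if x > limit, else zero, with no branch on x (both < 2^31). */
static uint32_t gt_mask(uint32_t x, uint32_t limit) {
    return 0u - ((limit - x) >> 31);
}

/* 6-bit value -> base64url character by arithmetic only: no table index
 * and no branch depends on the (possibly secret) value. */
static char sextet_safe(uint32_t s) {
    uint32_t c = s + 'A';
    c += gt_mask(s, 25) & (uint32_t)('a' - 'A' - 26);
    c += gt_mask(s, 51) & (uint32_t)('0' - 'a' - 26);
    c += gt_mask(s, 61) & (uint32_t)('-' - '0' - 10);
    c += gt_mask(s, 62) & (uint32_t)('_' - '-' - 1);
    return (char)(c & 0xFF);
}

/* Table lookup: the memory address read depends on the data. */
static char sextet_unsafe(uint32_t s) {
    return "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"[s];
}

/* Unpadded base64url (padding choice is an assumption of this example).
 * out must hold (len * 4 + 2) / 3 + 1 bytes; loop counts depend on len only. */
static size_t encode(const uint8_t *in, size_t len, char *out,
                     char (*map)(uint32_t)) {
    size_t o = 0;
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = 0; i < len; i++) {
        acc = (acc << 8) | in[i];
        for (bits += 8; bits >= 6; bits -= 6)
            out[o++] = map((acc >> (bits - 6)) & 0x3F);
    }
    if (bits > 0)
        out[o++] = map((acc << (6 - bits)) & 0x3F);
    out[o] = '\0';
    return o;
}

size_t base64url_safe(const uint8_t *in, size_t len, char *out) {
    return encode(in, len, out, sextet_safe);
}
size_t base64url_unsafe(const uint8_t *in, size_t len, char *out) {
    return encode(in, len, out, sextet_unsafe);
}
```

Source-level arithmetic does not guarantee constant-time machine code; an implementation relying on `base64url_safe` for secrets would still check the compiled output on its target.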