by hughes 494 days ago
What does JSON object signing provide that TLS doesn't?

Does this imply that the application doesn't trust the transport/presentation layers?

2 comments

Caching or other forms of retransmission of the data.

Not all signed content is meant to be confidential. Or two-party confidential. Think about tokens. You have a refresh token that’s private between you and the destination, but you hand out session tokens to your users so they can talk to the destination directly. Or via another server that doesn’t have a cache coherency with the source.

Thanks, that makes sense.

Our program has to sign XML documents so that the recipient can be certain a specific user signed it, as they're considered legally binding.

The documents are transmitted via a relaying party, as we don't have support for the protocol the recipient requires.

Similar cases could pop up in JSON-land, I imagine.
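
Added example (not part of the thread or any poster's code): the session-token case from the first reply, sketched in Python as an HS256-signed compact token that passes through an untrusted relay or cache, where TLS only protects each hop. The shared key, claim names and function names are assumptions for illustration; the signed-XML case in the last comment would need an asymmetric signature so the recipient can attribute the document to one signer.

```python
import base64
import hashlib
import hmac
import json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_json(obj) -> str:
    return b64u(json.dumps(obj, separators=(",", ":")).encode())

def sign(claims: dict, key: bytes) -> str:
    """Issuer side: header.payload.signature in JWS compact form (HS256)."""
    signing_input = encode_json({"alg": "HS256", "typ": "JWT"}) + "." + encode_json(claims)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def verify(token: str, key: bytes):
    """Destination side: return the claims, or None if the token was altered.
    Expiry and audience checks are omitted to keep the example short."""
    try:
        head, payload, sig = token.split(".")
        header = json.loads(b64u_dec(head))
        given = b64u_dec(sig)
        # Pin the algorithm: never let the token choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(given, expected):
            return None
        return json.loads(b64u_dec(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None

def relay_rewrite(token: str, **changes) -> str:
    """A relay or cache that edits the payload but cannot re-sign it."""
    head, payload, sig = token.split(".")
    claims = json.loads(b64u_dec(payload))
    claims.update(changes)
    return ".".join((head, encode_json(claims), sig))

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed sample value
    tok = sign({"sub": "alice", "scope": "read"}, KEY)
    print("forwarded unchanged:", verify(tok, KEY))
    print("rewritten in transit:", verify(relay_rewrite(tok, scope="admin"), KEY))
```
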