Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbprint-05.txt> (JSON Web Key (JWK) Thumbprint) to Proposed Standard

Edmund Jay <ejay@mgi1.com> Tue, 02 June 2015 00:04 UTC

Date: Tue, 02 Jun 2015 00:04:48 +0000
From: Edmund Jay <ejay@mgi1.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <1253769260.3060317.1433203488263.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <F515B0C8-A2E0-454E-B0E1-0E984B9FA31B@ve7jtb.com>
References: <F515B0C8-A2E0-454E-B0E1-0E984B9FA31B@ve7jtb.com>
Subject: Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbprint-05.txt> (JSON Web Key (JWK) Thumbprint) to Proposed Standard
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3060316_543826260.1433203488256"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/NgmFQoqOE58MgyDjY-QXJoemHkQ>
X-Mailman-Approved-At: Tue, 02 Jun 2015 08:03:01 -0700
Cc: "ietf@ietf.org" <ietf@ietf.org>, "jose@ietf.org" <jose@ietf.org>

I agree with John. I think the spec is fine as is, for generating a keyid for a simple JWK. Adding hash input bytes for keys that may or may not have other uses will add additional/unnecessary complexity.

From: John Bradley <ve7jtb@ve7jtb.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: ietf@ietf.org; jose@ietf.org
Sent: Monday, June 1, 2015 9:23 AM
Subject: Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbprint-05.txt> (JSON Web Key (JWK) Thumbprint) to Proposed Standard

I understand Stephen’s issue.

However this is intended to be a simple way to generate a keyid value based on a JWK.

I think the document as is accomplishes that.

If we want to generate a keyid based on the SubjectPublicKeyInfo format
from x.509 people should be able to do that based on the existing specs.

We did drop the jkt member from the spec a while ago based on feedback. 

Based on some of the discussion on creating a thumbprint from a SPKI there may be a need for better documenting
how to do that.  A number of the proposals discussed for doing it without full processing only worked for some key-types;
however, that should be a separate spec.

I think this one is ready to go.

Regards
John B.




> On May 28, 2015, at 2:04 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hi,
> 
> I have one comment on this that I did raise with the WG (the
> thread starts at [1] but the subject lines diverged so it's
> not so easy to follow). At the end of that I think I was
> correctly judged to be in the rough within the WG. I'm
> raising it again now as a last-call comment (and wearing
> no hat) as the issue is really about doing the same thing
> in multiple protocols/WGs, so this could be a case where
> IETF consensus maybe ought win over WG consensus, depending
> on whether folks working on other protocols care or not.
> (And I'm not sure if they do.)
> 
> Note that if the draft as-is turns into an RFC it will not
> be the end of the world, so I'd only expect that a change
> would be done if there're a load of people who agree that
> changing is beneficial for some actual use-case they have
> or may have in future. (In other words, I really don't
> expect this change to happen and I do not want it to
> happen on purely theoretical grounds, but I wanted to
> check just in case;-)
> 
> So my issue is:...
> 
> We have a bunch of other protocols (DANE, CoAP and more)
> in which we use a hash of a public key. In most of those with
> which I'm familiar we use the SubjectPublicKeyInfo format
> from x.509 as the input bytes to the hash function. Doing
> so ensures that a hash generated in one protocol/application
> could in principle be meaningful in others, even if that's
> not a very common thing to want. Note that using that structure
> does not imply anything about using x.509 or asn.1 really as
> pretty much all crypto APIs (or maybe all) provide you with
> a way to extract public keys in exactly that form regardless
> of whether you care about x.509 or anything related to
> that kind of PKI. (So please let's not have the "I hate
> asn.1/x.509/whatever" argument again:-)
> 
> This draft defines its own peculiar input bytes to the
> hash function and even notes that there's no really good
> reason for that difference:-) [2]
> 
> I think this would be better if it supported the use of
> hash input bytes that are the same as are used elsewhere.
> 
> But, as I said before, the world won't end if this becomes
> an RFC and we have to do another one later on with that
> fairly trivial difference.
> 
> Cheers,
> S.
> 
> [1] https://www.ietf.org/mail-archive/web/jose/current/msg04954.html
> [2] https://tools.ietf.org/html/draft-ietf-jose-jwk-thumbprint-05#section-5
> 
> 
> On 28/05/15 17:40, The IESG wrote:
>> 
>> The IESG has received a request from the Javascript Object Signing and
>> Encryption WG (jose) to consider the following document:
>> - 'JSON Web Key (JWK) Thumbprint'
>>  <draft-ietf-jose-jwk-thumbprint-05.txt> as Proposed Standard
>> 
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2015-06-11. Exceptionally, comments may be
>> sent to iesg@ietf.org instead. In either case, please retain the
>> beginning of the Subject line to allow automated sorting.
>> 
>> Abstract
>> 
>> 
>>  This specification defines a method for computing a hash value over a
>>  JSON Web Key (JWK).  It defines which fields in a JWK are used in the
>>  hash computation, the method of creating a canonical form for those
>>  fields, and how to convert the resulting Unicode string into a byte
>>  sequence to be hashed.  The resulting hash value can be used for
>>  identifying or selecting the key represented by the JWK that is the
>>  subject of the thumbprint.
>> 
>> 
>> 
>> 
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-jose-jwk-thumbprint/
>> 
>> IESG discussion can be tracked via
>> https://datatracker.ietf.org/doc/draft-ietf-jose-jwk-thumbprint/ballot/
>> 
>> 
>> No IPR declarations have been submitted directly on this I-D.
>> 
>> 
>> 
>> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
