Re: [jose] Adding a X509/PKIX JWK type? [WAS: issues with x5c in JWE]

Brian Campbell <bcampbell@pingidentity.com> Fri, 08 February 2013 22:46 UTC

To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: "jose@ietf.org" <jose@ietf.org>, "Matt Miller \(mamille2\)" <mamille2@cisco.com>

But just a non-objection from Peter Saint-Andre is very valuable in its own
right ;)


On Fri, Feb 8, 2013 at 1:15 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 2/8/13 11:47 AM, Matt Miller (mamille2) wrote:
> > After some off-list discussions, a couple of us believe it would
> > be worthwhile to somehow wrap a PKIX certificate chain in a JSON
> > Web Key.  A couple of us are leaning toward a new JWK type to do
> > this. One impact, I think, is that anywhere we currently have "x5c"
> > (and potentially "x5t" and "x5u") are effectively replaced by an
> > actual JWK object.  However, a few of us have other use cases where
> > a PKIX certificate JWK would solve some problems.
> >
> > Unless there's strong objection, Brian Campbell and I are likely
> > to start work on a new I-D that documents our musings.
>
> Sounds like a good idea.
>
> Not that you need anyone's permission to work on a non-WG
> Internet-Draft. :-)
>
> Peter
>
> - --
> Peter Saint-Andre
> https://stpeter.im/
>