Re: [jose] Keys in the documents
Mike Jones <Michael.Jones@microsoft.com> Tue, 30 July 2013 09:15 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D78921F9E44 for <jose@ietfa.amsl.com>; Tue, 30 Jul 2013 02:15:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.093
X-Spam-Level:
X-Spam-Status: No, score=-3.093 tagged_above=-999 required=5 tests=[AWL=-0.495, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d00kHqrsM2Sz for <jose@ietfa.amsl.com>; Tue, 30 Jul 2013 02:15:17 -0700 (PDT)
Received: from db8outboundpool.messaging.microsoft.com (mail-db8lp0189.outbound.messaging.microsoft.com [213.199.154.189]) by ietfa.amsl.com (Postfix) with ESMTP id DD9BF21E8109 for <jose@ietf.org>; Tue, 30 Jul 2013 02:09:21 -0700 (PDT)
Received: from mail87-db8-R.bigfish.com (10.174.8.240) by DB8EHSOBE010.bigfish.com (10.174.4.73) with Microsoft SMTP Server id 14.1.225.22; Tue, 30 Jul 2013 09:09:21 +0000
Received: from mail87-db8 (localhost [127.0.0.1]) by mail87-db8-R.bigfish.com (Postfix) with ESMTP id EA710D8016F; Tue, 30 Jul 2013 09:09:20 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:autodiscover.service.exchange.microsoft.com; EFVD:NLI
X-SpamScore: -25
X-BigFish: VS-25(zzbb2dI98dI9371Ic85fh1b0bI1432Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1d7338h1de098h1033IL17326ah18c673h1de096h18de19h8275bh8275dh1de097hz2fh2a8h668h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1b0ah1bceh1d0ch1d2eh1d3fh1dc1h1dfeh1dffh1e1dh1155h)
Received-SPF: pass (mail87-db8: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail87-db8 (localhost.localdomain [127.0.0.1]) by mail87-db8 (MessageSwitch) id 1375175358731026_1005; Tue, 30 Jul 2013 09:09:18 +0000 (UTC)
Received: from DB8EHSMHS002.bigfish.com (unknown [10.174.8.249]) by mail87-db8.bigfish.com (Postfix) with ESMTP id AC46F200046; Tue, 30 Jul 2013 09:09:18 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by DB8EHSMHS002.bigfish.com (10.174.4.12) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 30 Jul 2013 09:09:18 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.38]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.03.0136.001; Tue, 30 Jul 2013 09:08:57 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [jose] Keys in the documents
Thread-Index: Ac6NBGkQxNRAr1CmSW6NTA6EnCzHBw==
Date: Tue, 30 Jul 2013 09:08:57 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B7309AF@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.34]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436B7309AFTK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Subject: Re: [jose] Keys in the documents
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 09:15:24 -0000
-14 now describes which RSA key parameters are there to enable optimizations, and states that their presence is RECOMMENDED, and that if any are present, all must be present (yes, with special language for the case of 3 or more prime factors). -- Mike From: Richard Barnes [mailto:rlb@ipv.sx] Sent: Tuesday, July 16, 2013 4:21 PM To: Brian Campbell Cc: Mike Jones; Matt Miller (mamille2); Jim Schaad; jose@ietf.org<mailto:jose@ietf.org> Subject: Re: [jose] Keys in the documents On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>> wrote: I like this change and think it will make it much more straightforward to consume the examples. One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for RSA Private Keys" [1] it says that all the members (excepting "oth") are required for private keys. However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d" (Private Exponent) Parameter part of the private portion. Can we relax/change JWA to say something like "d" is always required and either all of others (with the caveat for "oth") are required to be there together or that they all need to be omitted? The Private Exponent is all that's functionally needed, right? And the rest are optimizations? I honestly don't know much (okay anything) about CRT vs plain old RSA keys. But it seems like there are cases where it'd be totally reasonable to have just the "d" - and the examples in JWS and JWE seem to make that point. Yes. This change should be made. Technically, only the modulus (n) and private exponent (d) are required. So the requirement levels for a private key would be: n, d: MUST e: SHOULD (so that you can derive the corresponding public key) p,q,dp,dq,qi: MAY (since these are all optimizations) --Richard [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2 [2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4 [3] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1 On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote: FYI - this was done in the -12 drafts. -- Mike From: Mike Jones [mailto:Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>] Sent: Friday, June 21, 2013 8:58 AM To: Matt Miller (mamille2); Richard Barnes Cc: Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org<mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>; jose@ietf.org<mailto:jose@ietf.org> Subject: RE: [jose] Keys in the documents Will do. ________________________________ From: Matt Miller (mamille2) Sent: 6/21/2013 6:06 AM To: Richard Barnes Cc: Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org<mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>; jose@ietf.org<mailto:jose@ietf.org> Subject: Re: [jose] Keys in the documents +1 On Jun 20, 2013, at 8:48 PM, Richard Barnes <rlb@ipv.sx<mailto:rlb@ipv.sx>> wrote: > +1 > > On Thursday, June 20, 2013, Jim Schaad wrote: > >> Is there any reason not to provide the public and private keys in the >> appendixes as JWK objects? This would make them easier to understand and >> put them into a format that one expects to be understood by JOSE systems.* >> *** >> >> ** ** >> >> Jim**** >> >> ** ** >> - m&m Matt Miller < mamille2@cisco.com<mailto:mamille2@cisco.com> > Cisco Systems, Inc. _______________________________________________ jose mailing list jose@ietf.org<mailto:jose@ietf.org> https://www.ietf.org/mailman/listinfo/jose On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>> wrote: I like this change and think it will make it much more straightforward to consume the examples. One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for RSA Private Keys" [1] it says that all the members (excepting "oth") are required for private keys. However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d" (Private Exponent) Parameter part of the private portion. Can we relax/change JWA to say something like "d" is always required and either all of others (with the caveat for "oth") are required to be there together or that they all need to be omitted? The Private Exponent is all that's functionally needed, right? And the rest are optimizations? I honestly don't know much (okay anything) about CRT vs plain old RSA keys. But it seems like there are cases where it'd be totally reasonable to have just the "d" - and the examples in JWS and JWE seem to make that point. [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2 [2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4 [3] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1 On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote: FYI - this was done in the -12 drafts. -- Mike From: Mike Jones [mailto:Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>] Sent: Friday, June 21, 2013 8:58 AM To: Matt Miller (mamille2); Richard Barnes Cc: Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org<mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>; jose@ietf.org<mailto:jose@ietf.org> Subject: RE: [jose] Keys in the documents Will do. ________________________________ From: Matt Miller (mamille2) Sent: 6/21/2013 6:06 AM To: Richard Barnes Cc: Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org<mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>; jose@ietf.org<mailto:jose@ietf.org> Subject: Re: [jose] Keys in the documents +1 On Jun 20, 2013, at 8:48 PM, Richard Barnes <rlb@ipv.sx<mailto:rlb@ipv.sx>> wrote: > +1 > > On Thursday, June 20, 2013, Jim Schaad wrote: > >> Is there any reason not to provide the public and private keys in the >> appendixes as JWK objects? This would make them easier to understand and >> put them into a format that one expects to be understood by JOSE systems.* >> *** >> >> ** ** >> >> Jim**** >> >> ** ** >> - m&m Matt Miller < mamille2@cisco.com<mailto:mamille2@cisco.com> > Cisco Systems, Inc. _______________________________________________ jose mailing list jose@ietf.org<mailto:jose@ietf.org> https://www.ietf.org/mailman/listinfo/jose
- [jose] Keys in the documents Jim Schaad
- Re: [jose] Keys in the documents Richard Barnes
- Re: [jose] Keys in the documents Matt Miller (mamille2)
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Jim Schaad
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Brian Campbell
- Re: [jose] Keys in the documents Richard Barnes
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Brian Campbell