[jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

"Richard Barnes" <rlb@ipv.sx> Thu, 02 October 2014 02:34 UTC

From: Richard Barnes <rlb@ipv.sx>
To: The IESG <iesg@ietf.org>
Message-ID: <20141002023359.19368.17933.idtracker@ietfa.amsl.com>
Date: Wed, 01 Oct 2014 19:33:59 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/3i7R-0oHLAlkhqdT7gIP8LnvA7A
Cc: jose-chairs@tools.ietf.org, draft-ietf-jose-json-web-key@tools.ietf.org, jose@ietf.org
Subject: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Richard Barnes has entered the following ballot position for
draft-ietf-jose-json-web-key-33: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-key/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 4.3.
"The "use" and "key_ops" JWK members SHOULD NOT be used together."
Did the WG discuss how these could combine?  What was the outcome of that
discussion?  This could be an important point for interoperability.  For
example, WebCrypto enforces them both, so it will break if it gets a key
with "use" and "key_ops" set to inconsistent values.
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsa-pss-operations

Section 8.
"[TBD]@ietf.org"
This needs to be populated before approval.  I don't know what's
customary here, but "jose@ietf.org" is an obvious candidate.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 1.1.
The pointer for BASE64URL should be to JWS.  One level of indirection,
please :)

Section 4.
It might be worth being explicit (here or elsewhere):
"A JWK MUST NOT contain algorithm-specific members for key types other than
the one specified in its "kty" attribute."

Section 4.1.
"cryptographic algorithm family used with the key"
"... such as "RSA" or "EC"."

Section 4.7.
"base64 encoded ([RFC4648] Section 4 -- not base64url encoded) DER"
It seems unpleasant for implementations to have to support two flavors of
base64, especially since this doesn't use PEM directly.  Did the WG
discuss just using BASE64URL?

Section 9.1.
It might help here to note that technologies like PKIX and JWT can allow
relying parties to verify the provenance of a key and binding of
attributes to it.
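
The following is an added example, not part of the original message or of the draft. It sketches the two checks raised above for Section 4.3 and Section 4: rejecting a JWK whose "key_ops" disagree with its "use", and rejecting members that belong to a key type other than the one in "kty". The function name checkJwk, the use-to-operation mapping and the sample keys are assumptions made for this example.

```javascript
// Assumed mapping from "use" to the "key_ops" values treated as consistent
// with it; the message does not define one.
const OPS_FOR_USE = new Map([
  ["sig", ["sign", "verify"]],
  ["enc", ["encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]],
]);
// Key-type-specific members for the two families named in the message.
const MEMBERS_FOR_KTY = new Map([
  ["RSA", ["n", "e", "d", "p", "q", "dp", "dq", "qi", "oth"]],
  ["EC", ["crv", "x", "y", "d"]],
]);

function checkJwk(jwk) {
  const problems = [];
  const own = MEMBERS_FOR_KTY.get(jwk.kty);
  if (own === undefined) {
    problems.push(`kty: unsupported key type ${JSON.stringify(jwk.kty)}`);
  } else {
    // Flag members that only make sense for a different key type.
    for (const [kty, members] of MEMBERS_FOR_KTY) {
      if (kty === jwk.kty) continue;
      for (const m of members) {
        if (!own.includes(m) && Object.keys(jwk).includes(m)) {
          problems.push(`${m}: ${kty} member in a ${jwk.kty} key`);
        }
      }
    }
  }
  if (jwk.key_ops !== undefined) {
    if (!Array.isArray(jwk.key_ops)) {
      problems.push("key_ops: not an array");
    } else if (jwk.use !== undefined) {
      const allowed = OPS_FOR_USE.get(jwk.use);
      // A "use" value outside the mapping gives nothing to compare against.
      for (const op of allowed === undefined ? [] : jwk.key_ops) {
        if (!allowed.includes(op)) {
          problems.push(`key_ops: "${op}" conflicts with use "${jwk.use}"`);
        }
      }
    }
  }
  return problems;
}

// Constructed sample keys; the member values are placeholders, not key material.
const samples = [
  { kid: "ok", kty: "RSA", use: "sig", key_ops: ["verify"], n: "AA", e: "AQAB" },
  { kid: "mixed-ops", kty: "RSA", use: "sig", key_ops: ["verify", "encrypt"], n: "AA", e: "AQAB" },
  { kid: "foreign-member", kty: "EC", crv: "P-256", x: "AA", y: "AA", n: "AA" },
];
for (const jwk of samples) console.log(jwk.kid, checkJwk(jwk));
```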