Re: [jose] #15: Broken examples in JWE / JWS
Richard Barnes <rlb@ipv.sx> Sat, 23 March 2013 01:37 UTC
Date: Fri, 22 Mar 2013 21:37:48 -0400
Message-ID: <CAL02cgRZA8vvXcUjpnPMzjzZYLbNFTbceZ9JyjQwBt5bpuy5Aw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, jose@ietf.org
I've renamed the issue to try to clarify. You're right that there are alternative ways to locate a key. But a JOSE object needs to contain at least one of them, or else the /* special magic */ clause applies.

--Richard

On Fri, Mar 22, 2013 at 9:15 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> This may or may not be a flaw in the specification. However the item you
> created in the tracker does not reflect what you have put here. I think
> you would be better served by saying that there is a flaw in the
> specifications in that there should be a MUST that some type of key or key
> reference is required in a JWS or JWE.
>
> I would note that your example code should be more complex in that it does
> not deal with jku or any of the x* methods of referencing keys.
>
> Jim
>
> From: Richard Barnes [mailto:rlb@ipv.sx]
> Sent: Friday, March 22, 2013 4:09 PM
> To: Jim Schaad
> Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
> Subject: Re: [jose] #15: Broken examples in JWE / JWS
>
> I admit that they are not broken according to the current spec. However,
> I have a lot of trouble figuring out how I would write code to process them.
>
> If "kid" or "jwk" MUST be present to indicate what key I should use, then
> I can have deterministic code:
>
>     if (/* recognized "kid" or "jwk" value */) {
>         /* use it */
>     } else {
>         /* FAIL. can't process this object */
>     }
>
> As the spec stands, I have no idea what to put in that "else" clause. I'm
> clearly not supposed to fail, because the parameters are optional. But
> what else?
>
>     if (/* recognized "kid" or "jwk" value */) {
>         /* use it */
>     } else {
>         /* insert special magic here */
>     }
>
> This is actually what SPI is supposed to clear up. SPI would provide an
> explicit third branch for the special magic to live in.
>
>     if (/* recognized "kid" or "jwk" value */) {
>         /* use it */
>     } else if (/* recognized SPI value */) {
>         /* process using stored parameters */
>     } else {
>         /* FAIL. can't process this object */
>     }
>
> But without the concept of SPI, the spec is broken because of the
> non-determinism noted above.
>
> --Richard
>
> On Fri, Mar 22, 2013 at 6:13 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> > My inclination is that this response is correct.
> >
> > What makes you think that the key or key reference is required and cannot be
> > implied?
> >
> > Jim
> >
> > > -----Original Message-----
> > > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> > > jose issue tracker
> > > Sent: Friday, March 22, 2013 2:37 PM
> > > To: draft-ietf-jose-json-web-encryption@tools.ietf.org; ignisvulpis@gmail.com
> > > Cc: jose@ietf.org
> > > Subject: Re: [jose] #15: Broken examples in JWE / JWS
> > >
> > > #15: Broken examples in JWE / JWS
> > >
> > > Comment (by ignisvulpis@gmail.com):
> > >
> > > I think this is not an issue. The examples are NOT broken and they do not
> > > need a fix.
> > > I suggest closing this ticket.
> > > The draft should definitely not make these illegal. These objects are perfect
> > > examples for a valid JWS/JWE.
> > >
> > > --
> > > Reporter:  rlb@ipv.sx          | Owner:      draft-ietf-jose-json-web-encryption@tools.ietf.org
> > > Type:      defect              | Status:     new
> > > Priority:  minor               | Milestone:
> > > Component: json-web-encryption | Version:
> > > Severity:  -                   | Resolution:
> > > Keywords:                      |
> > >
> > > Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/15#comment:1>
> > > jose <http://tools.ietf.org/jose/>
> > >
> > > _______________________________________________
> > > jose mailing list
> > > jose@ietf.org
> > > https://www.ietf.org/mailman/listinfo/jose
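The deterministic key-selection logic that Richard sketches in pseudocode, written out as an added example (not code from this thread, from the JOSE drafts, or from any JOSE library). It follows his if / else-if / else shape: use a recognized "kid" or "jwk", otherwise fall back to stored parameters keyed by an SPI-style identifier, otherwise fail rather than guess. The header name "spi", the in-memory key stores, the HS256 keys and the tokens are all constructed for the example; no "spi" parameter exists in the drafts. An embedded "jwk" is treated as recognized only when its key material matches a key already in the trusted set, so an object cannot nominate an arbitrary verification key for itself. As Jim notes, "jku" and the x5* references are a separate resolution problem; this example does not resolve them, so they land in the FAIL branch with the unresolved indicators named in the reason.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Added example following the if / else-if / else structure from the thread.
# "spi" as a header name is a hypothetical placeholder for the SPI concept
# under discussion; the JOSE drafts define no such parameter.


class KeyResolutionError(Exception):
    """The header gives no key indicator this verifier recognizes."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _key_material(jwk: dict) -> tuple:
    """Members that identify the key itself; kid/use/alg hints are ignored."""
    return tuple(jwk.get(m) for m in ("kty", "k", "n", "e", "crv", "x", "y"))


def resolve_key(header: dict, trusted_keys: dict, stored_params: Optional[dict] = None) -> dict:
    """Pick the verification key deterministically or raise.

    trusted_keys:  kid -> JWK for keys this verifier already trusts.
    stored_params: SPI-style identifier -> JWK agreed out of band (hypothetical).
    """
    kid = header.get("kid")
    if kid is not None and kid in trusted_keys:
        return trusted_keys[kid]                      # recognized "kid": use it
    jwk = header.get("jwk")
    if jwk is not None:
        for candidate in trusted_keys.values():       # recognized "jwk": only if it
            if _key_material(candidate) == _key_material(jwk):  # is already trusted
                return candidate
    spi = header.get("spi")
    if stored_params and spi in stored_params:
        return stored_params[spi]                     # process using stored parameters
    # Nothing recognized: fail instead of inventing "special magic". jku/x5u/x5c/x5t
    # are not resolved by this example, so headers using only those end up here.
    present = [p for p in ("kid", "jwk", "jku", "x5u", "x5c", "x5t", "spi") if p in header]
    raise KeyResolutionError(f"no recognized key indicator; header carries {present or 'none'}")


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Compact JWS with an HMAC-SHA256 signature (used only to build samples)."""
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"


def try_verify(token: str, trusted_keys: dict,
               stored_params: Optional[dict] = None) -> Tuple[Optional[dict], Optional[str]]:
    """Return (payload, None) on success or (None, reason) on any failure."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        if header.get("alg") != "HS256":
            return None, "unsupported alg"
        jwk = resolve_key(header, trusted_keys, stored_params)
        if jwk.get("kty") != "oct":
            return None, "resolved key is not a symmetric key"
        expected = hmac.new(b64url_decode(jwk["k"]), f"{h_b64}.{p_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s_b64)):
            return None, "bad signature"
        return json.loads(b64url_decode(p_b64)), None
    except KeyResolutionError as exc:
        return None, str(exc)


# Constructed sample keys, key stores and tokens (not from the thread).
KEY_A = b"0123456789abcdef0123456789abcdef"
KEY_B = b"fedcba9876543210fedcba9876543210"
TRUSTED = {"key-a": {"kty": "oct", "kid": "key-a", "k": b64url_encode(KEY_A)}}
STORED = {"ctx-7": {"kty": "oct", "k": b64url_encode(KEY_B)}}   # hypothetical SPI store
PAYLOAD = {"sub": "alice"}

TOKEN_KID = sign_hs256({"alg": "HS256", "kid": "key-a"}, PAYLOAD, KEY_A)
TOKEN_BARE = sign_hs256({"alg": "HS256"}, PAYLOAD, KEY_A)     # no indicator at all
TOKEN_JWK_UNTRUSTED = sign_hs256({"alg": "HS256", "jwk": {"kty": "oct", "k": b64url_encode(KEY_B)}},
                                 PAYLOAD, KEY_B)
TOKEN_SPI = sign_hs256({"alg": "HS256", "spi": "ctx-7"}, PAYLOAD, KEY_B)
TOKEN_JKU = sign_hs256({"alg": "HS256", "jku": "https://example.invalid/keys"}, PAYLOAD, KEY_A)

if __name__ == "__main__":
    for name, tok in [("kid", TOKEN_KID), ("bare", TOKEN_BARE), ("jwk-untrusted", TOKEN_JWK_UNTRUSTED),
                      ("spi", TOKEN_SPI), ("jku", TOKEN_JKU)]:
        print(f"{name:14s} -> {try_verify(tok, TRUSTED, STORED)}")
```

The "bare" token is the shape the ticket is about: a validly signed object whose header names no key. With the trusted set and the stored-parameter map both present it still fails, because nothing in the header says which key to try; only the "kid", the matching embedded "jwk", or the stored-parameter lookup gets the verifier to the HMAC check.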