Re: [jose] Whiteboard Discussion Minutes
John Bradley <ve7jtb@ve7jtb.com> Thu, 15 November 2012 23:09 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F256621F84E4 for <jose@ietfa.amsl.com>; Thu, 15 Nov 2012 15:09:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8WAoY+Fx3-tB for <jose@ietfa.amsl.com>; Thu, 15 Nov 2012 15:09:54 -0800 (PST)
Received: from mail-ye0-f172.google.com (mail-ye0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id DD82121F84E3 for <jose@ietf.org>; Thu, 15 Nov 2012 15:09:53 -0800 (PST)
Received: by mail-ye0-f172.google.com with SMTP id l13so451315yen.31 for <jose@ietf.org>; Thu, 15 Nov 2012 15:09:53 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=TqGyS23fD4MNhgLeZC1oHKpa+yVOK6vmfJfBaNNHWo8=; b=i+MlHjX+Ex1dU6oPG/RhaK3odfao2ho1tU0z8xuDeQnA2I1g+AKSHGocIFc0z8SkwN aBeAJasJE60h04cxkCym6Mbk2zM+K054kztzeaCyQNPMiqxvCZMZDdIkv0BrsyCFsoOK U9eO1FogesK0Fugq+hF0siuQZelfOtccCj7PG1lxOSc/yCDPQw58LAYEkGC7jPNBuxio FvnHbJxvEod8ln67jdEsOBXVnFRCUjUpMZoPkVeFGYwEIjn8bdUJS5YO/8U48zh2P+8F zXlXWyQ97sAE6oUyc2phS6xgTgTK44tXvWY/+EpZeg5pURGAtWqXU0UEH8G2+VEqysR+ 7E7Q==
Received: by 10.236.186.105 with SMTP id v69mr2524922yhm.128.1353020993443; Thu, 15 Nov 2012 15:09:53 -0800 (PST)
Received: from [192.168.1.211] (190-20-31-131.baf.movistar.cl. [190.20.31.131]) by mx.google.com with ESMTPS id p17sm15521476anh.12.2012.11.15.15.09.50 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 15 Nov 2012 15:09:52 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943668D0123@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Thu, 15 Nov 2012 20:09:43 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <84D2F337-8A87-4FD3-BE3D-2942DD9EB39C@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B1680429673943668D0123@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQlJ0cpfocMXYW4AictzNA2QvxtZ1XCUYa6iRg6CliUnZycZnXK6txmZue3QkbJg6CpLYQTp
Cc: "jose@ietf.org" <jose@ietf.org>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Subject: Re: [jose] Whiteboard Discussion Minutes
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Nov 2012 23:09:55 -0000
Yes that is consistent with the conclusion I attempted to summarize to the list. John B. On 2012-11-15, at 5:46 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > That's close to my recollection as well. I'll summarize the primary conclusions in a different way to hopefully make them even clearer to people who weren't there: > > (1) We will define JWK extensions to represent private and symmetric keys > (2) We will recommend protection of private and symmetric keys by encrypting their JWK representations in a JWE > (3) We will define an additional JWA "alg" value for generation of a symmetric key from a password (thus enabling password-based key protection schemes) > > The two deliverables we agreed to were: > (A) The JWK extension document defining (1), which Mike will produce > (B) A key protection application document specifying (2) and (3), which Matt will produce > > Note that (B) will use the JWA registry to register (3), rather than adding (3) to the JWA doc itself. > > -- Mike > > -----Original Message----- > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Matt Miller (mamille2) > Sent: Thursday, November 15, 2012 10:25 AM > To: jose@ietf.org > Subject: [jose] Whiteboard Discussion MInutes > > [ I urge the original participants to correct any omissions or glaring mistakes ] > > Participants > ============ > * Richard Barnes > * John Bradley > * Joe Hildebrand > * Michael Jones > * Matt Miller > * Jim Schaad > > "What's a JOSE" > =============== > > We started with a discussion of what the areas of concerns for JOSE are (established or otherwise): > > * public key > * private key > * symmetric key > * sign > * encrypt > * MAC > * wrapped keys > * passphrase-based wrapping > * algorithms > * extensibility > * common attributes > * serialization/syntax > > Regarding Keys > ============== > > There was also discussion on whether wrapped keys were their own top-level object, or an application of JWE. With this discussion, there was rough consensus that keys (including symmetric keys) should have the ability to include additional information (e.g. "expires" ). > > For top-level, this is approximately as presented in the WG: > { > "typ":"transport", > "alg":RSA-OEAP", > "jwk":{ ... }, > "val":base64url(pk-encrypt(jku, symmetric key value)) } > > For JWE application, the key would have a JWK representation: > { > "typ":"AES", > "key":base64url(symmetric key value) > } > > Which is then serialized to UTF-8 and used as the plaintext into JWE. > > Given this, there was very rough consensus that we pursue the "wrapped keys as JWE application" path, although it was suggested Richard provide a more concrete example of the top-level model. > > Regarding Encrypted Private Keys > ================================ > > There was discussion and consensus on adding support for PBKDF2 to derive a symmetric key from a password. The details are to be worked out as part of the wrapped key document. > > Regarding Organization > ====================== > > There was discussion on the organization of items, and whether the current documentation is sufficient. While there was no consensus on what the best layout is, there was also no consensus on changing anything. > > Work Items > ========== > > There was rough consensus on the following outputs, assuming no objections from the rest of the WG: > > * A document extending "RSA" and "EC" with the private key factors, plus a new JWK for symmetric keys. Tentatively to be done by Mike Jones, starting with draft-jones-jose-json-private-key > * A document that applies JWE to protecting keys (as JWK objects), and defines an algorithm that uses PBKDF2 for passphrase-based protection. Tentatively to be done by Matt Miller. > > > - m&m > > Matt Miller < mamille2@cisco.com > > Cisco Systems, Inc. > > PS: If you are interested in the cryptic notes, the images are temporarily available at < http://outer-planes.net/ietf/ietf85-josewg/ >. > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- Re: [jose] Whiteboard Discussion Minutes Mike Jones
- Re: [jose] Whiteboard Discussion Minutes John Bradley