Re: [jose] Keys in the documents
Brian Campbell <bcampbell@pingidentity.com> Tue, 30 July 2013 10:17 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A65421E80C6 for <jose@ietfa.amsl.com>; Tue, 30 Jul 2013 03:17:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.782
X-Spam-Level:
X-Spam-Status: No, score=-5.782 tagged_above=-999 required=5 tests=[AWL=0.194, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mdw4tFUTrkfF for <jose@ietfa.amsl.com>; Tue, 30 Jul 2013 03:17:02 -0700 (PDT)
Received: from na3sys009aog134.obsmtp.com (na3sys009aog134.obsmtp.com [74.125.149.83]) by ietfa.amsl.com (Postfix) with ESMTP id 7E26021F8956 for <jose@ietf.org>; Tue, 30 Jul 2013 03:17:00 -0700 (PDT)
Received: from mail-oa0-f44.google.com ([209.85.219.44]) (using TLSv1) by na3sys009aob134.postini.com ([74.125.148.12]) with SMTP ID DSNKUfeSnJZJjmlmC+uNYZMtIBgNZPr+F+r2@postini.com; Tue, 30 Jul 2013 03:17:00 PDT
Received: by mail-oa0-f44.google.com with SMTP id l20so12137955oag.31 for <jose@ietf.org>; Tue, 30 Jul 2013 03:16:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=rK8rShchAaoG0wZsKWTxNUnKCv64h+Q/gGSaY/EsNBE=; b=Vo8gZ69b4X4G9G//eTc88HAFEqvFnHmOSmVm4R4doGLv9RxD5dv+beYkj2eSTzcyUJ e5bmrykwPbqChQJBg4woa3qhxSXyPn7LPclXSxj4/7LRtpeENeFBkNJYnKOKcYjpgMGM JEjl1nO5LH5YPozbwRt4nR6QPLo8ExLfjTRoU3aHChu7lPhNqOL6v0UhGk6UIhmLHlmn OaGxFLD1qniTVAMGr9afW99HPtnp0tR/OHFAOCLi+htARQBLwLRryjhUZNvg3sr79lY5 MOPAYNA1U27LWoDREgHKHAG3qHBx9N0XiY0twBXVYRaWMG/4xW19YS8paTj7p6Pyf24Y pYcw==
X-Received: by 10.50.111.104 with SMTP id ih8mr78583igb.28.1375179419787; Tue, 30 Jul 2013 03:16:59 -0700 (PDT)
X-Received: by 10.50.111.104 with SMTP id ih8mr78578igb.28.1375179419668; Tue, 30 Jul 2013 03:16:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.41.34 with HTTP; Tue, 30 Jul 2013 03:16:29 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436B7309AF@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436B7309AF@TK5EX14MBXC284.redmond.corp.microsoft.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 30 Jul 2013 12:16:29 +0200
Message-ID: <CA+k3eCRz9XbLRtaNdcgCqvjVWQan_N6JQj2Mmri2idMQiEDunQ@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="089e0149be58cfeac004e2b7e8c5"
X-Gm-Message-State: ALoCoQk7Jqi1Wzkj3/6BCSXZArEU7XTxRf6cLbvp5K4VhuIrXTUqDlMuSAiICOIhTP6allWQekgdznO02HjbtsffAJ+mCi5WS9Qd3Gqe+dK4UPlqfBG1WyyWnck93jdqqaS11MNOu/wN
Cc: Richard Barnes <rlb@ipv.sx>, Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Subject: Re: [jose] Keys in the documents
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 10:17:07 -0000
Looks good to me. Thanks. On Tue, Jul 30, 2013 at 11:08 AM, Mike Jones <Michael.Jones@microsoft.com>wrote: > -14 now describes which RSA key parameters are there to enable > optimizations, and states that their presence is RECOMMENDED, and that if > any are present, all must be present (yes, with special language for the > case of 3 or more prime factors).**** > > ** ** > > -- Mike**** > > ** ** > > *From:* Richard Barnes [mailto:rlb@ipv.sx <rlb@ipv.sx>] > *Sent:* Tuesday, July 16, 2013 4:21 PM > *To:* Brian Campbell > *Cc:* Mike Jones; Matt Miller (mamille2); Jim Schaad; jose@ietf.org > *Subject:* Re: [jose] Keys in the documents**** > > ** ** > > On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell < > bcampbell@pingidentity.com> wrote:**** > > I like this change and think it will make it much more straightforward > to consume the examples.**** > > One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for > RSA Private Keys" [1] it says that all the members (excepting "oth") are > required for private keys. **** > > However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d" > (Private Exponent) Parameter part of the private portion. **** > > Can we relax/change JWA to say something like "d" is always required and > either all of others (with the caveat for "oth") are required to be there > together or that they all need to be omitted? **** > > The Private Exponent is all that's functionally needed, right? And the > rest are optimizations? I honestly don't know much (okay anything) about > CRT vs plain old RSA keys. But it seems like there are cases where it'd be > totally reasonable to have just the "d" - and the examples in JWS and JWE > seem to make that point.**** > > ** ** > > Yes. This change should be made. Technically, only the modulus (n) and > private exponent (d) are required. So the requirement levels for a private > key would be:**** > > n, d: MUST**** > > e: SHOULD (so that you can derive the corresponding public key)**** > > p,q,dp,dq,qi: MAY (since these are all optimizations)**** > > ** ** > > --Richard**** > > **** > > > [1] > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2 > [2] > http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4 > [3] > http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1 > **** > > ** ** > > On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <Michael.Jones@microsoft.com> > wrote:**** > > FYI – this was done in the -12 drafts.**** > > **** > > -- Mike**** > > **** > > *From:* Mike Jones [mailto:Michael.Jones@microsoft.com] **** > > *Sent:* Friday, June 21, 2013 8:58 AM**** > > *To:* Matt Miller (mamille2); Richard Barnes**** > > > *Cc:* Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org; > jose@ietf.org**** > > *Subject:* RE: [jose] Keys in the documents**** > > **** > > Will do.**** > ------------------------------ > > *From: *Matt Miller (mamille2) > *Sent: *6/21/2013 6:06 AM > *To: *Richard Barnes > *Cc: *Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org; > jose@ietf.org > *Subject: *Re: [jose] Keys in the documents > > +1 > > On Jun 20, 2013, at 8:48 PM, Richard Barnes <rlb@ipv.sx> > wrote: > > > +1 > > > > On Thursday, June 20, 2013, Jim Schaad wrote: > > > >> Is there any reason not to provide the public and private keys in the > >> appendixes as JWK objects? This would make them easier to understand > and > >> put them into a format that one expects to be understood by JOSE > systems.* > >> *** > >> > >> ** ** > >> > >> Jim**** > >> > >> ** ** > >> > > - m&m > > Matt Miller < mamille2@cisco.com > > Cisco Systems, Inc.**** > > ** ** > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** > > ** ** > > ** ** > > On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell < > bcampbell@pingidentity.com> wrote:**** > > I like this change and think it will make it much more straightforward to > consume the examples.**** > > One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for > RSA Private Keys" [1] it says that all the members (excepting "oth") are > required for private keys. **** > > However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d" > (Private Exponent) Parameter part of the private portion. **** > > Can we relax/change JWA to say something like "d" is always required and > either all of others (with the caveat for "oth") are required to be there > together or that they all need to be omitted? **** > > The Private Exponent is all that's functionally needed, right? And the > rest are optimizations? I honestly don't know much (okay anything) about > CRT vs plain old RSA keys. But it seems like there are cases where it'd be > totally reasonable to have just the "d" - and the examples in JWS and JWE > seem to make that point. > > [1] > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2 > [2] > http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4 > [3] > http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1 > **** > > ** ** > > On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <Michael.Jones@microsoft.com> > wrote:**** > > FYI – this was done in the -12 drafts.**** > > **** > > -- Mike**** > > **** > > *From:* Mike Jones [mailto:Michael.Jones@microsoft.com] **** > > *Sent:* Friday, June 21, 2013 8:58 AM**** > > *To:* Matt Miller (mamille2); Richard Barnes**** > > > *Cc:* Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org; > jose@ietf.org**** > > *Subject:* RE: [jose] Keys in the documents**** > > **** > > Will do.**** > ------------------------------ > > *From: *Matt Miller (mamille2) > *Sent: *6/21/2013 6:06 AM > *To: *Richard Barnes > *Cc: *Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org; > jose@ietf.org > *Subject: *Re: [jose] Keys in the documents > > +1 > > On Jun 20, 2013, at 8:48 PM, Richard Barnes <rlb@ipv.sx> > wrote: > > > +1 > > > > On Thursday, June 20, 2013, Jim Schaad wrote: > > > >> Is there any reason not to provide the public and private keys in the > >> appendixes as JWK objects? This would make them easier to understand > and > >> put them into a format that one expects to be understood by JOSE > systems.* > >> *** > >> > >> ** ** > >> > >> Jim**** > >> > >> ** ** > >> > > - m&m > > Matt Miller < mamille2@cisco.com > > Cisco Systems, Inc.**** > > ** ** > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** > > ** ** >
- [jose] Keys in the documents Jim Schaad
- Re: [jose] Keys in the documents Richard Barnes
- Re: [jose] Keys in the documents Matt Miller (mamille2)
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Jim Schaad
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Brian Campbell
- Re: [jose] Keys in the documents Richard Barnes
- Re: [jose] Keys in the documents Mike Jones
- Re: [jose] Keys in the documents Brian Campbell