Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

"Jim Schaad" <ietf@augustcellars.com> Mon, 10 November 2014 21:04 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCF841ACEBB; Mon, 10 Nov 2014 13:04:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u0ypn-k_xmhx; Mon, 10 Nov 2014 13:04:19 -0800 (PST)
Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E7741ACE4F; Mon, 10 Nov 2014 13:04:19 -0800 (PST)
Received: from Philemon (dhcp-a75e.meeting.ietf.org [31.133.167.94]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 9D0E638F02; Mon, 10 Nov 2014 13:04:16 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Richard Barnes' <rlb@ipv.sx>
References: <032e01cffd22$ec37f7c0$c4a7e740$@augustcellars.com> <CAL02cgQj+NLBoU4MDMAJ4CEAJPqSTKPPDzYD2qtg2TTmf+QRLg@mail.gmail.com>
In-Reply-To: <CAL02cgQj+NLBoU4MDMAJ4CEAJPqSTKPPDzYD2qtg2TTmf+QRLg@mail.gmail.com>
Date: Mon, 10 Nov 2014 11:03:54 -1000
Message-ID: <037601cffd29$d7d68380$87838a80$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0377_01CFFCD6.062CBD70"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKkwoH3uFuEGpb93OV4/ZViaGnrrAEUiLVKmqgqIJA=
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/91oAOhQBps7HRx8kUs1K6YgJeAU
Cc: iesg@ietf.org, jose@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 21:04:23 -0000

Oh – your right.  My head is not processing fast enough.

 

In that case I don’t know of any implementation at the moment for the “oth” parameter

 

I am not sure if Stephen is going to force a removal based on that or not.

 

Jim

 

 

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Monday, November 10, 2014 10:39 AM
To: Jim Schaad
Cc: jose@ietf.org; Stephen Farrell
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

 

What?  I can't speak for Chrome, but Firefox completely ignores the "oth" parameter.

http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoKey.cpp?from=PrivateKeyFromJwk#678

I think you're thinking of the extended, technically not-required RSA private parameters "p", "q", "dp", "dq", "qi".  Firefox and Chrome DO both require those, because the underlying library requires them and we didn't want to implement factoring above the library layer (at least for Firefox).

I'm not sure it makes sense for those parameters to be required at the JWK layer.

 

 

On Mon, Nov 10, 2014 at 10:14 AM, Jim Schaad <ietf@augustcellars.com> wrote:

Based on email that has been sent to the list.  It appears that both Chrome and Firefox have fully implemented the “oth” parameter of RSA private keys.  They actually appear to require that it be present rather than be optional as the document specifies.  However this would mean to me that this parameters is used and you can clear you discuss on that basis.

 

Jim

 


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose