Re: [jose] #15: At least one key indicator should be mandatory

"jose issue tracker" <> Fri, 14 June 2013 22:27 UTC

#15: At least one key indicator should be mandatory

Comment (by

 draft-ietf-jose-json-web-encryption-11, draft-ietf-jose-json-web-
 signature-11, and draft-ietf-jose-json-web-key-11 incorporate the
 resolution to this issue agreed to at the interim working group meeting in
 Denver.  Specifically, this new section is now present in JWS and a
 corresponding section is present in JWE:

 7.  Key Identification

    It is necessary for the recipient of a JWS to be able to determine
    the key that was employed for the digital signature or MAC operation.
    The key employed can be identified using the Header Parameter methods
    described in Section 4.1 or can be identified using methods that are
    outside the scope of this specification.  Specifically, the Header
    Parameters "jku", "jwk", "x5u", "x5t", "x5c", and "kid" can be used
    to identify the key used.  The sender SHOULD include sufficient
    information in the Header Parameters to identify the key used, unless
    the application uses another means or convention to determine the key

 Also, this text is now present in the "kid" description in JWK:

    When "kid" values are used within a JWK Set, different
    keys within the JWK Set SHOULD use distinct "kid" values.  The "kid"
    value is a case sensitive string.  Use of this member is OPTIONAL.

    When used with JWS or JWE, the "kid" value can be used to match a JWS
    or JWE "kid" header parameter value.

 Therefore, I believe that this issue should be closed as fixed.

 Reporter:   |       Owner:  draft-ietf-jose-json-web-
     Type:  defect       |
 Priority:  minor        |      Status:  new
Component:  json-web-    |   Milestone:
  encryption             |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |

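Added example, not part of the original message or of the JOSE drafts: a recipient-side key lookup that follows the quoted Section 7 and "kid" text, resolving a JWS header's "kid" against a locally configured JWK Set. The function names, the default_key parameter and the sample values are assumptions of this example.

```python
import base64
import json

# Header Parameters that the quoted Section 7 lists as key indicators.
KEY_INDICATORS = ("jku", "jwk", "x5u", "x5t", "x5c", "kid")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def protected_header(compact_jws: str) -> dict:
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("JWS compact serialization has exactly three segments")
    # Segments are base64url without padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict):
        raise ValueError("JWS header must be a JSON object")
    return header

def select_key(compact_jws, jwk_set, default_key=None):
    """Return the one JWK in a locally configured JWK Set that the header names."""
    header = protected_header(compact_jws)
    present = [p for p in KEY_INDICATORS if p in header]
    if not present:
        # No indicator at all: fine only if the application has its own convention.
        if default_key is None:
            raise LookupError("no key indicator in header and no out-of-band key")
        return default_key
    kid = header.get("kid")
    if not isinstance(kid, str):
        # Assumption of this example: only "kid" is resolved, against local keys.
        raise LookupError(f"cannot resolve key from {present} without a 'kid'")
    # "kid" is a case-sensitive string, so compare with plain equality.
    matches = [k for k in jwk_set.get("keys", []) if k.get("kid") == kid]
    if len(matches) != 1:
        # 0 = unknown key; >1 = the set did not keep its "kid" values distinct.
        raise LookupError(f"kid {kid!r} matched {len(matches)} keys, need exactly 1")
    return matches[0]

if __name__ == "__main__":
    # Constructed sample data: key material omitted, signature segment is a dummy.
    jwk_set = {"keys": [{"kty": "oct", "kid": "2013-06-a"}, {"kty": "oct", "kid": "2013-06-A"}]}
    header = b64url(json.dumps({"alg": "HS256", "kid": "2013-06-A"}).encode())
    token = f"{header}.{b64url(b'payload')}.{b64url(b'sig')}"
    print(select_key(token, jwk_set))  # selects the key whose kid is "2013-06-A"
```

Signature or MAC verification with the selected key is a separate step that this example does not perform.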