Re: [jose] Keys in the documents

Brian Campbell <bcampbell@pingidentity.com> Tue, 16 July 2013 20:41 UTC


I like this change and think it will make it much more straightforward to
consume the examples.

One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for RSA
Private Keys" [1] it says that all the members (excepting "oth") are
required for private keys.

However, the example JWK RSA keys in JWE [2] and JWS [3] only have the "d"
(Private Exponent) Parameter part of the private portion.

Can we relax/change JWA to say something like "d" is always required and
either all of others (with the caveat for "oth") are required to be there
together or that they all need to be omitted?

The Private Exponent is all that's functionally needed, right? And the rest
are optimizations? I honestly don't know much (okay anything) about CRT vs
plain old RSA keys. But it seems like there are cases where it'd be totally
reasonable to have just the "d" - and the examples in JWS and JWE seem to
make that point.

[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2
[2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4
[3] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1


On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> FYI – this was done in the -12 drafts.
>
>                                                             -- Mike
>
> *From:* Mike Jones [mailto:Michael.Jones@microsoft.com]
> *Sent:* Friday, June 21, 2013 8:58 AM
> *To:* Matt Miller (mamille2); Richard Barnes
> *Cc:* Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org;
> jose@ietf.org
> *Subject:* RE: [jose] Keys in the documents
>
> Will do.
> ------------------------------
>
> *From:* Matt Miller (mamille2)
> *Sent:* 6/21/2013 6:06 AM
> *To:* Richard Barnes
> *Cc:* Jim Schaad; draft-ietf-jose-json-web-encryption@tools.ietf.org;
> jose@ietf.org
> *Subject:* Re: [jose] Keys in the documents
>
> +1
>
> On Jun 20, 2013, at 8:48 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
> > +1
> >
> > On Thursday, June 20, 2013, Jim Schaad wrote:
> >
> >> Is there any reason not to provide the public and private keys in the
> >> appendixes as JWK objects?  This would make them easier to understand
> >> and put them into a format that one expects to be understood by JOSE
> >> systems.
> >>
> >> Jim
> >>
>
> - m&m
>
> Matt Miller <mamille2@cisco.com>
> Cisco Systems, Inc.
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose