Re: [jose] comment on

Mike Jones <> Thu, 20 November 2014 01:37 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F3C901A6FCC for <>; Wed, 19 Nov 2014 17:37:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id amfwvU-_evd1 for <>; Wed, 19 Nov 2014 17:37:21 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fc10::1:760]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B559B1A8AFB for <>; Wed, 19 Nov 2014 17:37:07 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 20 Nov 2014 01:36:44 +0000
Received: from (2a01:111:f400:7c10::151) by (2a01:111:e400:401e::36) with Microsoft SMTP Server (TLS) id via Frontend Transport; Thu, 20 Nov 2014 01:36:43 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id via Frontend Transport; Thu, 20 Nov 2014 01:36:43 +0000
Received: from ([]) by ([]) with mapi id 14.03.0210.003; Thu, 20 Nov 2014 01:36:34 +0000
From: Mike Jones <>
To: "" <>
Thread-Topic: comment on
Thread-Index: AQHQBCcWPJWy2CKnf0OwbAd7v9wVZJxoS2YwgABwhdA=
Date: Thu, 20 Nov 2014 01:36:33 +0000
Message-ID: <>
References: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB8DDB4TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(189002)(199003)(68736004)(107046002)(44976005)(6806004)(69596002)(2351001)(19580405001)(19580395003)(15975445006)(71186001)(86612001)(19300405004)(86362001)(230783001)(50986999)(54356999)(76176999)(95666004)(81156004)(106466001)(2656002)(87936001)(106116001)(66066001)(84676001)(77096003)(62966003)(77156002)(92566001)(84326002)(92726001)(85806002)(64706001)(20776003)(26826002)(19625215002)(2501002)(97736003)(33656002)(512874002)(19617315012)(21056001)(55846006)(104016003)(16236675004)(110136001)(99396003)(120916001)(4396001)(46102003)(31966008)(15202345003); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1205;; FPR:; SPF:Pass; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1205;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BY1PR0301MB1205;
X-Forefront-PRVS: 0401647B7F
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BY1PR0301MB1205;
Cc: Alok Menghrajani <>
Subject: Re: [jose] comment on
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Nov 2014 01:37:24 -0000

These values are now included in the -37 drafts, at these locations:

                                                                -- Mike

From: Mike Jones
Sent: Wednesday, November 19, 2014 11:10 AM
Cc: 'Alok Menghrajani'
Subject: RE: comment on

Given the WebCrypto decision to not import RSA private keys unless the CRT parameters are also present, I think it makes sense to include these parameter values (p, q, dp, dq, qi) in the examples.

The places these values would be added are:

I’ll plan to do this in the next drafts unless I hear objections.

                                                                -- Mike

From: Alok Menghrajani []
Sent: Wednesday, November 19, 2014 10:32 AM
To: Mike Jones
Subject: comment on

Hello Mike,

I am working on a piece of javascript code which uses the web crypto api and jwe. When writing some unittests, I noticed that the example JWK in, appendix A.1.3 contains a "d" parameter (this is also the case with some of the other examples).

On one hand, the example mentions "recipient's public key" and only encrypts data, so I think the JWK should not have a "d" parameter.

On the other hand, it might make sense to have the private key to help anyone who would want to decrypt the example's cipher text.

It turns out that the current browser crypto API is pretty unfriendly: it won't import the example's JWK key as a public key unless the "d" parameter is omitted and it won't import the JWK as a private key unless the remaining key parameters are there; the API doesn't compute them for you.

Do you agree the "d" parameter should be removed or do you think the remaining key parameters should be included?