Re: [jose] comment on https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3

Mike Jones <Michael.Jones@microsoft.com> Thu, 20 November 2014 01:37 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3C901A6FCC for <jose@ietfa.amsl.com>; Wed, 19 Nov 2014 17:37:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amfwvU-_evd1 for <jose@ietfa.amsl.com>; Wed, 19 Nov 2014 17:37:21 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0760.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:760]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B559B1A8AFB for <jose@ietf.org>; Wed, 19 Nov 2014 17:37:07 -0800 (PST)
Received: from BN3PR0301CA0068.namprd03.prod.outlook.com (25.160.152.164) by BY1PR0301MB1205.namprd03.prod.outlook.com (25.161.203.154) with Microsoft SMTP Server (TLS) id 15.1.26.15; Thu, 20 Nov 2014 01:36:44 +0000
Received: from BN1AFFO11FD042.protection.gbl (2a01:111:f400:7c10::151) by BN3PR0301CA0068.outlook.office365.com (2a01:111:e400:401e::36) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Thu, 20 Nov 2014 01:36:43 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1AFFO11FD042.mail.protection.outlook.com (10.58.52.253) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Thu, 20 Nov 2014 01:36:43 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.229]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.03.0210.003; Thu, 20 Nov 2014 01:36:34 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: comment on https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3
Thread-Index: AQHQBCcWPJWy2CKnf0OwbAd7v9wVZJxoS2YwgABwhdA=
Date: Thu, 20 Nov 2014 01:36:33 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB8DDB4@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <CAEVqHxnCzyFjRV4kOD9uTnF0aOk+YkaDhZhFufsUjRnB8RGL-w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.76]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB8DDB4TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(189002)(199003)(68736004)(107046002)(44976005)(6806004)(69596002)(2351001)(19580405001)(19580395003)(15975445006)(71186001)(86612001)(19300405004)(86362001)(230783001)(50986999)(54356999)(76176999)(95666004)(81156004)(106466001)(2656002)(87936001)(106116001)(66066001)(84676001)(77096003)(62966003)(77156002)(92566001)(84326002)(92726001)(85806002)(64706001)(20776003)(26826002)(19625215002)(2501002)(97736003)(33656002)(512874002)(19617315012)(21056001)(55846006)(104016003)(16236675004)(110136001)(99396003)(120916001)(4396001)(46102003)(31966008)(15202345003); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1205; H:mail.microsoft.com; FPR:; SPF:Pass; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1205;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BY1PR0301MB1205;
X-Forefront-PRVS: 0401647B7F
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BY1PR0301MB1205;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/Bv-Q1MAqf2BnBs1yr1kcxfzXTh4
Cc: Alok Menghrajani <alok@squareup.com>
Subject: Re: [jose] comment on https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 01:37:24 -0000

These values are now included in the -37 drafts, at these locations:
https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-37#appendix-A.2.1
https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-37#appendix-A.1.3
https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-37#appendix-A.2.3

                                                                -- Mike

From: Mike Jones
Sent: Wednesday, November 19, 2014 11:10 AM
To: jose@ietf.org
Cc: 'Alok Menghrajani'
Subject: RE: comment on https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3

Given the WebCrypto decision to not import RSA private keys unless the CRT parameters are also present, I think it makes sense to include these parameter values (p, q, dp, dq, qi) in the examples.

The places these values would be added are:
https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-36#appendix-A.2.1
https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3
https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.2.3

I’ll plan to do this in the next drafts unless I hear objections.

                                                                -- Mike

From: Alok Menghrajani [mailto:alok@squareup.com]
Sent: Wednesday, November 19, 2014 10:32 AM
To: Mike Jones
Subject: comment on https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36#appendix-A.1.3

Hello Mike,

I am working on a piece of javascript code which uses the web crypto api and jwe. When writing some unittests, I noticed that the example JWK in https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-36, appendix A.1.3 contains a "d" parameter (this is also the case with some of the other examples).

On one hand, the example mentions "recipient's public key" and only encrypts data, so I think the JWK should not have a "d" parameter.

On the other hand, it might make sense to have the private key to help anyone who would want to decrypt the example's cipher text.

It turns out that the current browser crypto API is pretty unfriendly: it won't import the example's JWK key as a public key unless the "d" parameter is omitted and it won't import the JWK as a private key unless the remaining key parameters are there; the API doesn't compute them for you.

Do you agree the "d" parameter should be removed or do you think the remaining key parameters should be included?

Alok