Re: [jose] #16: URI identifying a specific key in a JWK set

Richard Barnes <rlb@ipv.sx> Mon, 25 March 2013 22:12 UTC

To: Brian Campbell <bcampbell@pingidentity.com>
Cc: draft-ietf-jose-json-web-key@tools.ietf.org, jose issue tracker <trac+jose@trac.tools.ietf.org>, james@manger.com.au, "jose@ietf.org" <jose@ietf.org>

+1

Would be good to have a MUST here to clarify.


On Mon, Mar 25, 2013 at 8:31 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I'd always just assumed that, short of some other means of figuring it
> out, a kid header would accompany a jku to identify the specific key in the
> set.
>
>
> On Sun, Mar 24, 2013 at 6:40 PM, jose issue tracker <
> trac+jose@trac.tools.ietf.org> wrote:
>
>> #16: URI identifying a specific key in a JWK set
>>
>> When a public key is required to process a JOSE message, providing a URI
>> for the key is a useful alternative to providing the actual key or a
>> certificate. The URI needs to identify the specific individual public key
>> required for the specific JOSE message. A URI that merely identifies a set
>> of keys (one of which is the correct one) is not sufficient.
>>
>> Given that a "jku" field holds a URI pointing to a set of keys, we need to
>> define how to use the fragment part of those URIs to identify a specific
>> key in the set.
>>
>>  Using the "kid" (key id) in the fragment would be a sensible choice.
>>
>> --
>>
>> Reporter:  james@manger.com.au
>> Owner:     draft-ietf-jose-json-web-key@tools.ietf.org
>> Type:      defect
>> Status:    new
>> Priority:  major
>> Milestone:
>> Component: json-web-key
>> Version:
>> Keywords:
>> Severity:  -
>>
>> Ticket URL: <https://tools.ietf.org/wg/jose/trac/ticket/16>
>> jose <http://tools.ietf.org/jose/>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
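The rule the ticket and the two replies converge on (a "jku" alone names a set, so a "kid" is needed, supplied either in the URI fragment or as a "kid" header) is straightforward to enforce in a verifier. The following is an added illustration, not code from the jose working group, the ticket or any of the posters. The key set, its URL (`keys.example.test`), the kid values and the `fetch_sample` stand-in for retrieval are all constructed; the checks it applies (fragment and "kid" header must agree when both are present, the jku must be https, and exactly one key in the set may match) are this example's reading of the thread rather than text from the ticket.

```python
"""Resolve the single key a JOSE header names through "jku" and "kid".

Added illustration for the jose #16 thread; not WG or ticket code.
Everything below the imports (URL, JWK set, kid values) is constructed.
"""
from urllib.parse import unquote, urldefrag, urlsplit

SET_URL = "https://keys.example.test/jwks.json"  # constructed example URL

# Constructed JWK set standing in for the document the jku points at.
# The coordinate and modulus values are placeholders, not real key material.
SAMPLE_JWK_SET = {
    "keys": [
        {"kty": "EC", "crv": "P-256", "kid": "sig-2013-03", "use": "sig",
         "x": "<placeholder-x-1>", "y": "<placeholder-y-1>"},
        {"kty": "EC", "crv": "P-256", "kid": "sig-2012-11", "use": "sig",
         "x": "<placeholder-x-2>", "y": "<placeholder-y-2>"},
        # Two keys sharing one kid: selecting "dup" must be refused as ambiguous.
        {"kty": "RSA", "kid": "dup", "n": "<placeholder-n-1>", "e": "AQAB"},
        {"kty": "RSA", "kid": "dup", "n": "<placeholder-n-2>", "e": "AQAB"},
    ]
}


class KeySelectionError(ValueError):
    """The header does not name exactly one key in the referenced set."""


def fetch_sample(url):
    """Offline stand-in for retrieving the jku document (constructed)."""
    if url != SET_URL:
        raise KeySelectionError("unknown key set URL: %r" % url)
    return SAMPLE_JWK_SET


def split_jku(jku):
    """Return (set URL, kid taken from the fragment or None).

    The fragment is percent-decoded; the set URL itself must be https so the
    key set cannot be swapped in transit.
    """
    url, fragment = urldefrag(jku)
    if urlsplit(url).scheme != "https":
        raise KeySelectionError("jku must use https: %r" % url)
    return url, (unquote(fragment) if fragment else None)


def select_key(jwk_set, kid):
    """Pick the one key whose kid matches; zero or several matches is an error."""
    matches = [k for k in jwk_set.get("keys", []) if k.get("kid") == kid]
    if not matches:
        raise KeySelectionError("no key with kid %r in set" % kid)
    if len(matches) > 1:
        raise KeySelectionError("kid %r is ambiguous (%d keys)" % (kid, len(matches)))
    return matches[0]


def resolve_key(header, fetch_set=fetch_sample):
    """Resolve the key a JOSE header points at.

    A jku by itself only identifies a set, so a kid must come from the URI
    fragment or from the "kid" header; when both are present they must agree.
    """
    url, frag_kid = split_jku(header["jku"])
    header_kid = header.get("kid")
    if frag_kid is not None and header_kid is not None and frag_kid != header_kid:
        raise KeySelectionError(
            "fragment %r and kid header %r disagree" % (frag_kid, header_kid))
    kid = frag_kid if frag_kid is not None else header_kid
    if kid is None:
        raise KeySelectionError("jku names a key set, not a key; a kid is required")
    return select_key(fetch_set(url), kid)


def outcome(header, fetch_set=fetch_sample):
    """Return ('key', kid) on success or ('rejected', reason) for reporting."""
    try:
        return ("key", resolve_key(header, fetch_set)["kid"])
    except KeySelectionError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for hdr in (
        {"jku": SET_URL + "#sig-2013-03"},                       # fragment only
        {"jku": SET_URL, "kid": "sig-2012-11"},                  # kid header only
        {"jku": SET_URL},                                        # set, no key
        {"jku": SET_URL + "#sig-2013-03", "kid": "sig-2012-11"}, # disagreement
        {"jku": SET_URL + "#dup"},                               # ambiguous kid
        {"jku": "http://keys.example.test/jwks.json#sig-2013-03"},  # not TLS
    ):
        print(hdr, "->", outcome(hdr))
```

`outcome` exists so the rejection reasons can be logged or asserted on without catching exceptions at every call site; in a real verifier `fetch_set` would be the (cached, TLS-validated) retrieval of the jku document, and the returned JWK would be handed to the signature check.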