Re: [jose] #16: URI identifying a specific key in a JWK set
Richard Barnes <rlb@ipv.sx> Mon, 25 March 2013 22:12 UTC
+1

Would be good to have a MUST here to clarify.

On Mon, Mar 25, 2013 at 8:31 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I'd always just assumed that, short of some other means of figuring it
> out, a kid header would accompany a jku to identify the specific key in
> the set.
>
> On Sun, Mar 24, 2013 at 6:40 PM, jose issue tracker
> <trac+jose@trac.tools.ietf.org> wrote:
>
>> #16: URI identifying a specific key in a JWK set
>>
>> When a public key is required to process a JOSE message, providing a URI
>> for the key is a useful alternative to providing the actual key or a
>> certificate. The URI needs to identify the specific individual public key
>> required for the specific JOSE message. A URI that merely identifies a set
>> of keys (one of which is the correct one) is not sufficient.
>>
>> Given that a "jku" field holds a URI pointing to a set of keys, we need to
>> define how to use the fragment part of those URIs to identify a specific
>> key in the set.
>>
>> Using the "kid" (key id) in the fragment would be a sensible choice.
>>
>> --
>> Reporter:  james@manger.com.au
>> Owner:     draft-ietf-jose-json-web-key@tools.ietf.org
>> Type:      defect
>> Status:    new
>> Priority:  major
>> Milestone:
>> Component: json-web-key
>> Version:
>> Keywords:
>> Severity:  -
>>
>> Ticket URL: <https://tools.ietf.org/wg/jose/trac/ticket/16>
>> jose <http://tools.ietf.org/jose/>
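The key-selection rule discussed in this message and in ticket #16, as an added example that is not code from the thread's participants or from any JOSE draft: a verifier that takes the key id from "kid", or from the jku fragment as the ticket proposes, and refuses any header that does not identify exactly one key. The names select_key, requested_kid, KeySelectionError and the sample JWK Set are assumptions made for illustration.

```python
import json
from urllib.parse import urldefrag, unquote

# Constructed JWK Set standing in for the document a "jku" URL returns.
JWK_SET = json.loads("""
{"keys": [
  {"kty": "EC", "kid": "2013-03-a", "crv": "P-256", "x": "constructed-x-a", "y": "constructed-y-a"},
  {"kty": "EC", "kid": "2013-03-b", "crv": "P-256", "x": "constructed-x-b", "y": "constructed-y-b"}
]}
""")


class KeySelectionError(Exception):
    """Raised when a header does not pin down exactly one key."""


def requested_kid(header):
    """Key id named by "kid" or by the jku fragment (the ticket's proposal)."""
    kid = header.get("kid")
    jku = header.get("jku", "")
    if not isinstance(jku, str) or (kid is not None and not isinstance(kid, str)):
        raise KeySelectionError('"jku" and "kid" must be strings')
    fragment = unquote(urldefrag(jku).fragment)
    if kid and fragment and kid != fragment:
        raise KeySelectionError('"kid" and jku fragment disagree')
    chosen = kid or fragment
    if not chosen:
        raise KeySelectionError('"jku" names a set; no key id given')
    return chosen


def select_key(header, jwk_set):
    """Return the one JWK the header identifies; never try keys in turn."""
    kid = requested_kid(header)
    keys = jwk_set.get("keys") if isinstance(jwk_set, dict) else None
    if not isinstance(keys, list):
        raise KeySelectionError("not a JWK Set")
    matches = [k for k in keys if isinstance(k, dict) and k.get("kid") == kid]
    if len(matches) != 1:
        raise KeySelectionError(f"{len(matches)} keys match kid {kid!r}")
    return matches[0]
```

Rejecting a header with no key id, rather than trying each key in the set until one verifies, keeps the accepted key tied to what the sender named.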