Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

Richard Barnes <rlb@ipv.sx> Mon, 10 November 2014 20:39 UTC


What?  I can't speak for Chrome, but Firefox completely ignores the "oth"
parameter.

http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoKey.cpp?from=PrivateKeyFromJwk#678

I think you're thinking of the extended, technically not-required RSA
private parameters "p", "q", "dp", "dq", "qi".  Firefox and Chrome DO both
require those, because the underlying library requires them and we didn't
want to implement factoring above the library layer (at least for Firefox).

I'm not sure it makes sense for those parameters to be required at the JWK
layer.


On Mon, Nov 10, 2014 at 10:14 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> Based on email that has been sent to the list.  It appears that both
> Chrome and Firefox have fully implemented the “oth” parameter of RSA
> private keys.  They actually appear to require that it be present rather
> than be optional as the document specifies.  However this would mean to me
> that this parameter is used and you can clear your discuss on that basis.
>
>
>
> Jim
>
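
The reply above notes that Firefox and Chrome require "p", "q", "dp", "dq" and "qi" because neither implements factoring above the crypto library. The following is an added example, not code from this thread or from either browser: it completes a two-prime RSA private JWK that carries only "n", "e" and "d" by recovering the primes from (n, e, d) and deriving the CRT values. The function names and the toy sample key are constructed for illustration.

```python
import base64
from math import gcd

def b64u_to_int(s):
    """Decode a JWK Base64urlUInt value (unpadded base64url, big-endian)."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def int_to_b64u(i):
    """Encode a non-negative integer as Base64urlUInt."""
    raw = i.to_bytes((i.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def recover_primes(n, e, d):
    """Factor n from a matching (e, d) pair; returns (p, q) with p > q."""
    k = d * e - 1                      # multiple of lambda(n), always even
    r, t = k, 0
    while r % 2 == 0:
        r, t = r // 2, t + 1           # k = 2^t * r with r odd
    for g in range(2, 1000):           # fixed bases, so the run is reproducible
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue                   # this base reveals nothing, try the next
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:                 # y is a non-trivial square root of 1 mod n
                p = gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    raise ValueError("n, e, d are not a consistent RSA key")

def complete_rsa_jwk(jwk):
    """Return a copy of an RSA private JWK with p, q, dp, dq, qi filled in."""
    if "oth" in jwk:
        raise ValueError("multi-prime key ('oth' present): not handled here")
    n, e, d = (b64u_to_int(jwk[k]) for k in ("n", "e", "d"))
    p, q = recover_primes(n, e, d)
    crt = {"p": p, "q": q, "dp": d % (p - 1), "dq": d % (q - 1), "qi": pow(q, -1, p)}
    return {**jwk, **{k: int_to_b64u(v) for k, v in crt.items()}}

# Constructed toy key (two Mersenne primes, far too small for real use).
_P, _Q, _E = 2**89 - 1, 2**61 - 1, 65537
SAMPLE_JWK = {"kty": "RSA", "n": int_to_b64u(_P * _Q), "e": int_to_b64u(_E),
              "d": int_to_b64u(pow(_E, -1, (_P - 1) * (_Q - 1)))}

if __name__ == "__main__":
    print(complete_rsa_jwk(SAMPLE_JWK))
```

The modular inverse via `pow(q, -1, p)` needs Python 3.8 or later.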