Re: [jose] #74: Section 3.5 - "x5u" (X.509 URL) Header Parameter

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Thu, 07 November 2013 18:15 UTC

#74: Section 3.5 - "x5u" (X.509 URL) Header Parameter

Description changed by ietf@augustcellars.com:

Old description:

> A. Move the 5280 reference to before the 'or'
>
> B. Who is the MUST requirement on for the identified resource - is this
> something that the consumer needs to verify is true?  Is there a reason
> to require consumers to do the chain building so that more complicated
> bags may be present?  What action does the consumer perform if this is
> not true?
>
> C. What happens if this JWK has only an x5u member in it?  Is this a
> legal construct?  How does one say that this matches the bare public key?
>
> D. The middle clause of the semi-colons should be a parenthetical on the
> first clause.
>
> * WON'T FIX - for the RFC Editor
>
> E. There are additional requirements imposed on the representation of
> members in the JWK and the contents of the certificate.  For example the
> use and alg need to be compatible.
>
> F. Need to make a trust statement about a key obtained this way.  As the
> URL is not authenticated in any way, it cannot be used to build an
> association between a subject and a key.
>
> * FIXED
>
> G. Need to note that the fact that a certificate chain has been returned
> does not mean anything about making a trust decision in the certificate.
>
> * WON'T FIX

New description:

 A. Move the 5280 reference to before the 'or'

 * WON'T FIX - see the rfc editor

 B. Who is the MUST requirement on for the identified resource - is this
 something that the consumer needs to verify is true?  Is there a reason to
 require consumers to do the chain building so that more complicated bags
 may be present?  What action does the consumer perform if this is not
 true?

 * DUP of #70

 C. What happens if this JWK has only an x5u member in it?  Is this a legal
 construct?  How does one say that this matches the bare public key?

 D. The middle clause of the semi-colons should be a parenthetical on the
 first clause.

 * WON'T FIX - for the RFC Editor

 E. There are additional requirements imposed on the representation of
 members in the JWK and the contents of the certificate.  For example the
 use and alg need to be compatible.

 F. Need to make a trust statement about a key obtained this way.  As the
 URL is not authenticated in any way, it cannot be used to build an
 association between a subject and a key.

 * FIXED

 G. Need to note that the fact that a certificate chain has been returned
 does not mean anything about making a trust decision in the certificate.

 * WON'T FIX

--

-- 
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-jose-json-web-
  ietf@augustcellars.com |  key@tools.ietf.org
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  json-web-    |     Version:
  key                    |  Resolution:
 Severity:  -            |
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/74#comment:2>
jose <http://tools.ietf.org/jose/>
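
One way a consumer could run the consistency checks that items C and E raise, as an added example that is not part of the ticket or the draft: compare the JWK's bare RSA key and its "use" member against the first certificate of the retrieved chain. The names `JWK`, `fromRSA`, `CheckJWK` and `Sample` are hypothetical, the mapping from "use" to keyUsage bits is an assumption, and the certificate is constructed at run time; a passing check establishes consistency only and, per items F and G, no trust in the key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// JWK carries only the members this check reads (RSA keys only).
type JWK struct{ Kty, Use, N, E string }

// fromRSA encodes an RSA public key as JWK members (base64url, no padding).
func fromRSA(pub *rsa.PublicKey, use string) JWK {
	b64 := base64.RawURLEncoding.EncodeToString
	return JWK{"RSA", use, b64(pub.N.Bytes()), b64(big.NewInt(int64(pub.E)).Bytes())}
}

// CheckJWK tests JWK/certificate consistency only; it makes no trust decision.
func CheckJWK(j JWK, leafDER []byte) error {
	cert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); !ok || j != fromRSA(pub, j.Use) {
		return errors.New("JWK key does not match certificate key")
	}
	// Assumed mapping; a certificate without a keyUsage extension is unrestricted.
	need := map[string]x509.KeyUsage{"sig": x509.KeyUsageDigitalSignature, "enc": x509.KeyUsageKeyEncipherment}[j.Use]
	if j.Use != "" && cert.KeyUsage != 0 && cert.KeyUsage&need == 0 {
		return errors.New(`JWK "use" conflicts with certificate keyUsage`)
	}
	return nil
}

// Sample builds a constructed self-signed signing certificate and its JWK.
func Sample() (JWK, []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return fromRSA(&key.PublicKey, "sig"), der
}

func main() { fmt.Println("consistency error:", CheckJWK(Sample())) }
```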