Re: [jose] December 27, 2012 JOSE Release

"Vladimir Dzhuvinov / NimbusDS" <> Tue, 08 January 2013 11:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A034A21F86C3 for <>; Tue, 8 Jan 2013 03:42:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_43=0.6]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id E4SsYjp+A20u for <>; Tue, 8 Jan 2013 03:42:23 -0800 (PST)
Received: from ( []) by (Postfix) with SMTP id 46C3D21F869A for <>; Tue, 8 Jan 2013 03:42:22 -0800 (PST)
Received: (qmail 22885 invoked from network); 8 Jan 2013 11:42:19 -0000
Received: from unknown (HELO localhost) ( by with SMTP; 8 Jan 2013 11:42:08 -0000
Received: (qmail 13171 invoked by uid 99); 8 Jan 2013 11:42:08 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
User-Agent: Workspace Webmail 5.6.30
Message-Id: <>
From: Vladimir Dzhuvinov / NimbusDS <>
To: "" <>
Date: Tue, 08 Jan 2013 04:42:07 -0700
Mime-Version: 1.0
Subject: Re: [jose] December 27, 2012 JOSE Release
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Jan 2013 11:42:24 -0000

Thank you guys for this update. I just released a new version of the
Java JOSE+JWT library that incorporates all the latest changes in the
JOSE -08 suite as well as the JWT -06 draft:

I'm still looking for a contributor to help out with the JWE alg

The JPSK draft looks like a useful development and I intend to code it
into the library eventually.

BTW, the [JPSK] ref link in draft-ietf-jose-json-web-key-08#section-9.2
appears to be broken.



Vladimir Dzhuvinov : :

-------- Original Message --------
Subject: [jose] December 27, 2012 JOSE Release
From: Mike Jones <>
Date: Sat, December 29, 2012 1:07 am
To: "" <>

  New versions of the JOSE specs have been released incorporating
feedback since IETF 85 in Atlanta.  The highlight of this release is the
new  JSON Private and Symmetric Key spec, which extends JWKs to be able
to represent private and symmetric keys.  These sensitive keys can then
be protected for transmission and storage by JWE encryption of their JWK
 One new feature added to JWK is the ability to optionally specify which
specific algorithm the key is intended to be used with.  (This is
already existing practice for keys in X.509 format.)  For instance, a
symmetric key might be annotated to say that it is to be used with the
“HS256” algorithm.  Because the natural field name for this
functionality is “alg”, the “alg” name is now used for this
purpose (matching JWS and JWE) and the key type (formerly “alg”) is
now denoted by the “kty” field.
 This release incorporates editorial improvements suggested by Jeff
Hodges and Hannes Tschofenig in their reviews of the JWT specification. 
Many of these simplified the terminology usage.  See the Document
History section of each specification for more details about the changes
 This release is part of a coordinated release of JOSE, OAuth, and
OpenID Connect specifications.  You can read about the other releases
here:  OAuth Release Notes,  OpenID Connect Release Notes.
 The new specification versions are:
 HTML formatted versions are available at:
                                                             -- Mike
jose mailing list