Re: [jose] PKCS #11 for JWK

Vladimir Dzhuvinov <vladimir@connect2id.com> Fri, 07 July 2017 14:24 UTC

To: Nathaniel McCallum <npmccallum@redhat.com>, jose@ietf.org
Cc: Nikos Mavrogiannopoulos <nmav@redhat.com>, Daiki Ueno <dueno@redhat.com>, "Sorce, Simo" <simo@redhat.com>
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
Organization: Connect2id Ltd.
Date: Fri, 07 Jul 2017 16:23:21 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/UvuRmMXx_7E-KuEXtQJAtVa3s1U>

Regarding section 4 of the proposed -01 spec:

When dealing with "oct" JWKs, shouldn't the PKCS#11 URI type parameter
become "secret-key"?

Vladimir


On 05/07/17 21:01, Nathaniel McCallum wrote:
> I have updated the draft from the comments everyone has provided.
> However, document uploads are currently locked due to the IETF
> meeting, so I have attached the document here. Your feedback is
> greatly appreciated.
>
> On Fri, Jun 30, 2017 at 5:33 PM, Nathaniel McCallum
> <npmccallum@redhat.com> wrote:
>> I have prepared an initial stab at a draft for offloading JWK private
>> key data to PKCS #11.
>>
>> You can find the document here:
>>    https://www.ietf.org/id/draft-mccallum-jose-pkcs11-jwk-00.txt
>>
>> Thanks for your consideration!