Re: [jose] Key Identifier

Hannes Tschofenig <Hannes.Tschofenig@nsn.com> Wed, 28 November 2012 07:00 UTC

Hi Mike, 

Thanks for the response.

If you indeed think that all header parameters can be configured out of band
(or guessed) then it would be good to state that assumption in the example.

For real-world practicability purposes I would assume that the key
identifier is present (regardless of whether the keying material is statically
or dynamically provisioned). Somehow the right key has to be selected and
you want to make it robust (particularly when keys can be cached and
multiple keys may be used at the same time, for example, for key roll-over).

Ciao
Hannes

On 11/28/12 8:01 AM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

> It may contain the key ID, or like many things OAuth, it may know which key to
> use by other means.  For instance, it may be supplied via dynamic
> registration.
> 
> -- Mike
> 
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Hannes
> Tschofenig
> Sent: Monday, November 26, 2012 3:16 AM
> To: jose@ietf.org
> Cc: Hannes Tschofenig
> Subject: [jose] Key Identifier
> 
> Hi all, 
> 
> In Appendix A.1 of the JWS document there is an example with an HMAC SHA-256
> keyed message digest.
> 
> I would have assumed that the header contains the key id so that the
> recipient can actually verify it.
> 
> Ciao
> Hannes
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
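The key-selection question discussed in this thread, as an added example that is not part of the original messages or of the JWS draft: an HMAC SHA-256 JWS verifier that picks the key by the header's `kid` while two keys are valid during a roll-over, and falls back to an out-of-band key only when the header carries none. The key set, the `kid` values and the `default_kid` parameter are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample keys: two HMAC keys valid at once during a roll-over.
KEYS = {"2012-11": b"old-shared-secret-constructed-0001",
        "2012-12": b"new-shared-secret-constructed-0002"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: dict, payload: bytes, key: bytes) -> str:
    """Build a JWS compact serialization with an HMAC SHA-256 tag."""
    head = b64url(json.dumps(header, separators=(",", ":")).encode())
    signing_input = head + "." + b64url(payload)
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify(token: str, keys: dict, default_kid=None) -> bytes:
    """Return the payload if the tag verifies under the selected key.

    The key is chosen by the header's "kid"; default_kid (hypothetical
    parameter) models a key agreed out of band when the header has none.
    """
    try:
        head, body, tag = token.split(".")
        header = json.loads(b64url_decode(head))
        received = b64url_decode(tag)
        payload = b64url_decode(body)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid", default_kid)
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("no usable key identifier")
    signing_input = (head + "." + body).encode("ascii")
    expected = hmac.new(keys[kid], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, received):
        raise ValueError("MAC mismatch")
    return payload
```

Without a `kid`, a verifier holding both keys either has to know the right one out of band or try each cached key in turn, which is the robustness concern raised above.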