Re: [jose] jwk

Axel Nennker <ignisvulpis@gmail.com> Mon, 29 October 2012 23:56 UTC

From: Axel Nennker <ignisvulpis@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] jwk

Encoding public keys as self-signed certs: That is a hack. Not that I am
opposed to hacks, but this is too much.

2012/10/29 Mike Jones <Michael.Jones@microsoft.com>

>  “x5c” helps because you can represent a bare key as a self-signed cert
> in PEM format in the “x5c” parameter.  The JOSE specs already support
> PEM-encoded keys.
>
>                                                             -- Mike
>
> *From:* Axel Nennker [mailto:ignisvulpis@gmail.com]
> *Sent:* Wednesday, October 24, 2012 2:14 PM
> *To:* Mike Jones
> *Cc:* jose@ietf.org
> *Subject:* Re: jwk
>
> In the case where I generate the keypair on the fly I do not have a URL
> to put in x5u. And a cert is not a public key. I want bare keys.
> I don't know how x5u and x5c help here.
>
> I have the problem that I don't know how to convert (exp,mod) into a
> pubkey on one platform (Firefox). I think that PEM is easier.
> I think the same might be true on other platforms too.
>
> Another reason I think that PEM is better is that there are command line
> tools to produce PEM-encoded keys while I don't know any tool to produce
> (exp, mod).
>
> --Axel
>
> 2012/10/24 Mike Jones <Michael.Jones@microsoft.com>
>
> To be clear, JWS and JWE already support the use of PEM encoded keys
> through the "x5c" and "x5u" parameters.  Therefore, I don't see any need to
> also add X.509-based key formats to JWK itself.
>
>                                                             -- Mike
>
> *From:* Axel Nennker [mailto:ignisvulpis@gmail.com]
> *Sent:* Wednesday, October 24, 2012 12:55 PM
> *To:* jose@ietf.org
> *Cc:* Mike Jones
> *Subject:* jwk
>
> I think that having more choices other than (xpo, mod) is useful.
> I believe that it is easier for me to implement keys in Firefox if I have
> PEM encoded keys.
>
> So the format could be:
>
> user_jwk : {"pub":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
> // PEM encoded public key without linebreaks
>
> A more general format would be:
>
> jwk: { "-----BEGIN PUBLIC KEY-----":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
>
> This general format could be used for private keys too.
>
> What do you think?
>
> Axel
>
> ps: Don't know whether I can post from this email address.... Mike, would
> you please post it if it does appear in your inbox but not on the list.
> Thanks.
>
>
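Added example (not from the thread or any JOSE implementation): the conversion between the (mod, xpo) pair and a PEM public key that Axel asks about, done with only the Python standard library by encoding and parsing the SubjectPublicKeyInfo DER structure directly. It assumes the RSA member names "n"/"e" from the final JWK spec (RFC 7517) alongside the draft-era "mod"/"xpo" referred to above, and its sample modulus is a constructed placeholder, not a real key.

```python
import base64

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL params
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _der_len(n):  # DER length octets (short or long form)
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b
def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body
def _der_int(i):  # DER INTEGER; a leading 0x00 keeps a high-bit value positive
    b = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return _tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)
def _read_tlv(buf, pos):  # returns (tag, content, position after the element)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln
def b64url_to_int(s):  # JWK base64url (no padding) -> unsigned big-endian int
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")
def int_to_b64url(i):
    raw = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwk_to_pem(jwk):
    """RSA JWK (RFC 7517 'n'/'e', or the 2012 draft names 'mod'/'xpo') -> SPKI PEM."""
    n = b64url_to_int(jwk["n"] if "n" in jwk else jwk["mod"])
    e = b64url_to_int(jwk["e"] if "e" in jwk else jwk["xpo"])
    rsa_pub = _tlv(0x30, _der_int(n) + _der_int(e))                  # RSAPublicKey
    spki = _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_pub))   # SubjectPublicKeyInfo
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"

def pem_to_jwk(pem):
    """SPKI PEM (or its bare base64 body) -> RSA JWK; rejects non-rsaEncryption keys."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, spki, _ = _read_tlv(base64.b64decode(body), 0)
    if tag != 0x30 or not spki.startswith(RSA_ALG_ID):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    tag, bits, _ = _read_tlv(spki, len(RSA_ALG_ID))
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("malformed BIT STRING")
    _, rsa_pub, _ = _read_tlv(bits, 1)
    _, n_bytes, pos = _read_tlv(rsa_pub, 0)
    _, e_bytes, _ = _read_tlv(rsa_pub, pos)
    return {"kty": "RSA", "n": int_to_b64url(int.from_bytes(n_bytes, "big")),
            "e": int_to_b64url(int.from_bytes(e_bytes, "big"))}

# Constructed sample: a 2048-bit placeholder modulus (not a real key) with e = 65537.
SAMPLE_JWK = {"kty": "RSA", "n": int_to_b64url((1 << 2047) | 1), "e": "AQAB"}
```

pem_to_jwk also accepts the bare base64 body used in the "pub" proposal above, since it simply ignores the armor lines; for a 2048-bit key with e = 65537 the PEM body starts with the same "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA" prefix visible in that example.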