[jose] Whiteboard Discussion MInutes

"Matt Miller (mamille2)" <mamille2@cisco.com> Thu, 15 November 2012 18:25 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 806BC21F845E for <jose@ietfa.amsl.com>; Thu, 15 Nov 2012 10:25:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id HtQ+yYl3S+3s for <jose@ietfa.amsl.com>; Thu, 15 Nov 2012 10:25:08 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com []) by ietfa.amsl.com (Postfix) with ESMTP id C894121F8428 for <jose@ietf.org>; Thu, 15 Nov 2012 10:25:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6376; q=dns/txt; s=iport; t=1353003906; x=1354213506; h=from:to:subject:date:message-id:mime-version; bh=T2uU5ftQoUFJ5U/fTHsbmLwYNhu7KTqAFMB0UPQ3hnQ=; b=d61ILSJhAeVv2YNSggaiwRWul0GwC3KE3m3k/OwkbdMKJD60R7ymb5UZ ZZQIWDHOdgJrtuNhEClrQaY1tmpEaHxAHX5MdrI8e2vpA9tZJ06b5P2Il VKntzjhjPlmXcrQ4iT/kvArb/hqOkSpcEP6keUO5o+gBkv7PvifHZKMo1 I=;
X-Files: smime.p7s : 2214
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhsJABgzpVCtJV2a/2dsb2JhbABEwj6BAQeCIAEEEgF4ASoOGDAnBBMIBhSHawubToEroAiPOIJEYQOOe4EhlDiBa4JvgVskGg
X-IronPort-AV: E=McAfee;i="5400,1158,6897"; a="142854784"
Received: from rcdn-core-3.cisco.com ([]) by rcdn-iport-2.cisco.com with ESMTP; 15 Nov 2012 18:25:04 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com []) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id qAFIP4ON030156 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <jose@ietf.org>; Thu, 15 Nov 2012 18:25:04 GMT
Received: from xmb-aln-x11.cisco.com ([]) by xhc-rcd-x12.cisco.com ([]) with mapi id 14.02.0318.001; Thu, 15 Nov 2012 12:25:04 -0600
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: Whiteboard Discussion MInutes
Thread-Index: AQHNw16Hmd7Xf4G7rk2GDVnD14/Byg==
Date: Thu, 15 Nov 2012 18:25:03 +0000
Message-ID: <BF7E36B9C495A6468E8EC573603ED94115091840@xmb-aln-x11.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-originating-ip: []
x-tm-as-product-ver: SMEX-
x-tm-as-result: No--28.965100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: multipart/signed; boundary="Apple-Mail=_6712D70F-CB07-41C6-AB50-84B09CBB3CA5"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Subject: [jose] Whiteboard Discussion MInutes
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Nov 2012 18:25:09 -0000

[ I urge the original participants to correct any omissions or glaring mistakes ]

* Richard Barnes
* John Bradley
* Joe Hildebrand
* Michael Jones
* Matt Miller
* Jim Schaad

"What's a JOSE"

We started with a discussion of what the areas of concerns for JOSE are (established or otherwise):

* public key
* private key
* symmetric key
* sign
* encrypt
* wrapped keys
* passphrase-based wrapping
* algorithms
* extensibility
* common attributes
* serialization/syntax

Regarding Keys

There was also discussion on whether wrapped keys were their own top-level object, or an application of JWE.  With this discussion, there was rough consensus that keys (including symmetric keys) should have the ability to include additional information (e.g. "expires" ).

For top-level, this is approximately as presented in the WG:
  "jwk":{ ... },
  "val":base64url(pk-encrypt(jku, symmetric key value))

For JWE application, the key would have a JWK representation:
  "key":base64url(symmetric key value)

Which is then serialized to UTF-8 and used as the plaintext into JWE.

Given this, there was very rough consensus that we pursue the "wrapped keys as JWE application" path, although it was suggested Richard provide a more concrete example of the top-level model.

Regarding Encrypted Private Keys

There was discussion and consensus on adding support for PBKDF2 to derive a symmetric key from a password.  The details are to be worked out as part of the wrapped key document.

Regarding Organization

There was discussion on the organization of items, and whether the current documentation is sufficient.  While there was no consensus on what the best layout is, there was also no consensus on changing anything.

Work Items

There was rough consensus on the following outputs, assuming no objections from the rest of the WG:

* A document extending "RSA" and "EC" with the private key factors, plus a new JWK for symmetric keys.  Tentatively to be done by Mike Jones, starting with draft-jones-jose-json-private-key
* A document that applies JWE to protecting keys (as JWK objects), and defines an algorithm that uses PBKDF2 for passphrase-based protection.  Tentatively to be done by Matt Miller.

- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.

PS: If you are interested in the cryptic notes, the images are temporarily available at < http://outer-planes.net/ietf/ietf85-josewg/ >.