Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33

Mike Jones <> Tue, 30 September 2014 22:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2575E1ACC83; Tue, 30 Sep 2014 15:28:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2JWkvhvgDkYV; Tue, 30 Sep 2014 15:28:32 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::1:779]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A39451AC82C; Tue, 30 Sep 2014 15:28:31 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1039.15; Tue, 30 Sep 2014 22:28:08 +0000
Received: from (2a01:111:f400:7c10::1:198) by (2a01:111:e400:1414::22) with Microsoft SMTP Server (TLS) id 15.0.1039.15 via Frontend Transport; Tue, 30 Sep 2014 22:28:07 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 30 Sep 2014 22:28:07 +0000
Received: from ([]) by ([]) with mapi id 14.03.0195.002; Tue, 30 Sep 2014 22:27:26 +0000
From: Mike Jones <>
To: Scott Brim <>
Thread-Topic: gen-art telechat review of draft-ietf-jose-json-web-key-33
Thread-Index: AQHP3Cmni2P6B05o4kyE6MMT8oxGa5wZ+9EAgAAdvACAAClWIA==
Date: Tue, 30 Sep 2014 22:27:25 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(24454002)(76104003)(199003)(377454003)(13464003)(189002)(51704005)(43784003)(95666004)(120916001)(33656002)(104016003)(50986999)(106116001)(86612001)(46102003)(76482002)(99396003)(80022003)(97736003)(81156004)(106466001)(10300001)(110136001)(85306004)(54356999)(26826002)(76176999)(55846006)(84676001)(31966008)(107046002)(68736004)(77096002)(2656002)(230783001)(21056001)(44976005)(19580395003)(4396001)(23676002)(66066001)(92566001)(47776003)(87936001)(6806004)(64706001)(69596002)(86362001)(15975445006)(50466002)(85852003)(92726001)(19580405001)(20776003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB1212;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB1212;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0350D7A55D
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: "" <>, gen-art <>, "" <>
Subject: Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Sep 2014 22:28:34 -0000

I agree with your observation about the surrounding protocol.  Thanks again for the time you put into reviewing the document.

				-- Mike

-----Original Message-----
From: Scott Brim [] 
Sent: Tuesday, September 30, 2014 12:59 PM
To: Mike Jones
Cc: gen-art;;
Subject: Re: gen-art telechat review of draft-ietf-jose-json-web-key-33

On Tue, Sep 30, 2014 at 2:29 PM, Mike Jones <> wrote:
> Minor issues:
>   More than once it is said that members that are not understood
>   should or must be ignored. Wouldn't this depend on context? Couldn't
>   there be uses of the data structure where a negative reply would be
>   needed if something is not understood, so the sender can adapt?
> This language is present so that extensions carrying additional 
> information can be added in a non-breaking fashion.  You’re right 
> that, in theory, a “must-understand” capability could be added for 
> particular fields, as was done for JOSE header parameters in 
> ion-4.1.11, but in practice, no working group member has come forward 
> saying they are aware of an application that needs this for key 
> representations.  Rather, the working group’s thoughts were that 
> multiple keys would be present in a JWK Set, some of which might not 
> be understood, but those that are understood would be used.  This 
> might be the case, for instance, when an entirely new key type (not 
> RSA, Elliptic Curve, or Symmetric) is invented and added at some point 
> in the future.
> Do you have a specific example in mind that requires a “must-understand”
> capability for key representations?

I don't do keys (this is gen-art, where reviews are often done by experienced generalists, not experts in the field), so it doesn't do any good asking me for text :-). Now that I think about it, I don't need what I'm looking for to be in this draft -- it could be in the larger context. Essentially it has to be possible (not required) for there to be some kind of feedback from whoever receives this to whoever sent it. That can be in the surrounding protocol.

>   In Section 4.3, you give the general principle that multiple
>   unrelated key operations shouldn't be specified for a key, and give
>   an example. Since this is a security issue of unknown magnitude (the
>   future isn't here yet), what do you think of removing uncertainty by
>   being more exhaustive in the principles and/or examples?
> This is a “SHOULD NOT” rather than a “MUST NOT” because there are 
> existing use cases in which the same RSA key is used for both signing and encryption.
> I’m not an expert in the underlying cryptography, but it’s my 
> understanding that this is quasi-OK for RSA because both RSA 
> signatures and RSA encryption actually are based on an RSA encryption 
> operation, and so what appears to be using a key being used for 
> unrelated operations actually isn’t under the covers, in this 
> particular case.  However, if you want to supply additional proposed 
> security considerations text on this issue (or possibly even better, 
> cite pertinent security considerations text in an existing RFC that we could reference), that would be appreciated.

OK, it seems the boundaries are clear to you and implementors who will read the RFC, which is all I ask.

Thanks ... Scott