[jose] JSON Web Key (JWK) Thumbprint is now RFC 7638

Mike Jones <Michael.Jones@microsoft.com> Tue, 08 September 2015 18:33 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/iMuU5fbWeuNhO7L2QjlKJ1BJ-ns>

The JSON Web Key (JWK) Thumbprint specification is now RFC 7638 <http://www.rfc-editor.org/info/rfc7638>. The abstract describes the specification as follows:

This specification defines a method for computing a hash value over a JSON Web Key (JWK). It defines which fields in a JWK are used in the hash computation, the method of creating a canonical form for those fields, and how to convert the resulting Unicode string into a byte sequence to be hashed. The resulting hash value can be used for identifying or selecting the key represented by the JWK that is the subject of the thumbprint.

Thanks to James Manger <https://www.linkedin.com/pub/james-manger/3b/561/979>, John Bradley <http://www.thread-safe.com/>, and Nat Sakimura <http://nat.sakimura.org/>, all of whom participated in security discussions that led to the creation of this specification. Thanks also to the JOSE working group <http://datatracker.ietf.org/wg/jose/charter/> members, chairs, area directors, and other IETF members who contributed to the specification.

A JWK Thumbprint is used as the "sub" (subject) claim value in OpenID Connect self-issued ID Tokens <http://openid.net/specs/openid-connect-core-1_0.html#SelfIssuedResponse>.
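The steps the abstract lists (pick the required members, canonicalize, UTF-8 encode, hash) and the key-selection use behind the "sub" claim, as an added Python illustration that is not code from the RFC or from the author; the sample EC key's "x" and "y" values are constructed placeholders, not a real curve point.

```python
import base64
import hashlib
import hmac
import json

# Members that RFC 7638 Section 3.2 requires in the hash input for each key
# type; every other member ("kid", "alg", "use", private parameters) is ignored.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}

def canonical_jwk(jwk: dict) -> str:
    """Canonical form: required members only, lexicographically ordered, no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    missing = [m for m in REQUIRED_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required member(s): {missing}")
    subset = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    # sort_keys: lexicographic member order; separators: no whitespace at all;
    # ensure_ascii=False: non-ASCII stays as characters for UTF-8 encoding, not \u-escaped.
    return json.dumps(subset, sort_keys=True, separators=(",", ":"), ensure_ascii=False)

def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """Hash the UTF-8 canonical form and return it base64url-encoded without padding."""
    digest = hashlib.new(hash_name, canonical_jwk(jwk).encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def find_key_by_thumbprint(keys: list, thumbprint: str):
    """Select the key whose thumbprint matches, e.g. a self-issued ID Token's "sub" value."""
    for jwk in keys:
        if hmac.compare_digest(jwk_thumbprint(jwk), thumbprint):
            return jwk
    return None

# Constructed sample EC key: "x" and "y" are placeholder strings, not a real
# P-256 point (the thumbprint computation only canonicalizes and hashes them).
SAMPLE_EC_JWK = {
    "kid": "sample-key-1",
    "use": "sig",
    "y": "SAMPLE_Y_COORDINATE",
    "x": "SAMPLE_X_COORDINATE",
    "crv": "P-256",
    "kty": "EC",
}
```

Note that "kid" and "use" drop out of the hash input and the member order of the input dictionary does not matter, so two differently formatted copies of the same public key yield the same thumbprint.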

                                                            -- Mike

P.S. This note was also posted as http://self-issued.info/?p=1446 and as @selfissued <https://twitter.com/selfissued>.