Re: [jose] Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)

Mike Jones <> Mon, 06 October 2014 07:54 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 49C551A1B70; Mon, 6 Oct 2014 00:54:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1q-j7-CFQA21; Mon, 6 Oct 2014 00:54:46 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8E5C91A1B65; Mon, 6 Oct 2014 00:54:45 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1044.10; Mon, 6 Oct 2014 07:54:44 +0000
Received: from (2a01:111:f400:7c0c::131) by (2a01:111:e400:1414::45) with Microsoft SMTP Server (TLS) id 15.0.1044.10 via Frontend Transport; Mon, 6 Oct 2014 07:54:43 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Mon, 6 Oct 2014 07:54:42 +0000
Received: from ([]) by ([]) with mapi id 14.03.0210.003; Mon, 6 Oct 2014 07:54:06 +0000
From: Mike Jones <>
To: Pete Resnick <>, The IESG <>
Thread-Topic: Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)
Thread-Index: AQHP3fz27j2HeJIuLkSHsNsq4jCedJwiEVnA
Date: Mon, 06 Oct 2014 07:54:05 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(189002)(51704005)(52044002)(377454003)(43784003)(13464003)(199003)(77096002)(81156004)(76482002)(47776003)(87936001)(23676002)(66066001)(31966008)(21056001)(50466002)(97736003)(95666004)(86612001)(4396001)(85306004)(106116001)(106466001)(80022003)(85852003)(44976005)(85806002)(68736004)(19580395003)(107046002)(92726001)(84676001)(69596002)(6806004)(10300001)(76176999)(230783001)(19580405001)(2656002)(20776003)(33656002)(99396003)(55846006)(86362001)(92566001)(120916001)(64706001)(15202345003)(50986999)(15975445006)(46102003)(54356999)(104016003)(26826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1202;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1202;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03569407CC
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: "" <>, "" <>, "" <>
Subject: Re: [jose] Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Oct 2014 07:54:49 -0000

Thanks for your review, Pete.  I've added the working group to the thread so they're aware of your comments.

> -----Original Message-----
> From: Pete Resnick []
> Sent: Wednesday, October 01, 2014 9:54 PM
> To: The IESG
> Cc:;
> Subject: Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with
> Pete Resnick has entered the following ballot position for
> draft-ietf-jose-json-web-key-33: Abstain
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
> Please refer to
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Given my concerns with the other documents in this series, I'm not yet willing to
> ballot No Objection on this document. So I will Abstain, at least for the moment.
> We'll see how the rest of the discussion goes.
> Comments directly on this document:
> 4/5:
>    The member names within a JWK MUST be unique; recipients MUST either
>    reject JWKs with duplicate member names or use a JSON parser that
>    returns only the lexically last duplicate member name, as specified
>    in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
> That first MUST is bogus. You are allowing them not to be unique in the rest of
> the sentence. And it's not clear what you mean by "recipients"
> here. Sounds like you mean "parsers" or "interpreters". If it were me, I'd stick to
> the "MUST be unique" and be done with it, but either way this paragraph needs
> fixing.

The first MUST is a requirement on producers; the second is a requirement on consumers.  I propose to reword this text to make this more explicit.

This language has been extensively discussed in the working group and again as a result of Stephen Kent's secdir review.  For instance, see the thread "JWK member names, was: [jose] SECDIR review of draft-ietf-jose-json-web-key-31" in the JOSE mailing list archives, beginning on 9/12/14.  There was a whole JSON working group that created a new standards-track JSON spec (RFC 7159) that that decided *not* to prohibit parsers from accepting inputs with duplicate names.  JOSE doesn't have sufficient influence to change the JSON parsers that are actually deployed and available to developers.  As Richard Barnes pointed out during the telechat, the point of JOSE is to enable crypto with tools that people actually have and use.  If we rule out the use of existing parsers, we will have failed to meet that basic goal.

> 4.1: The second paragraph is redundant given the first paragraph; I'd delete it.

Actually, it's not.  The second paragraph says where the initial values are defined (Section 6.1 of JWA).

> And why do you need "use" at all given that you've got "key_ops"?

They are for different use cases.  Use is for public-key-only use cases and mirrors what other specs do in this regard.  key_ops was later added for WebCrypto, and is for use cases where any of public, private, or symmetric keys may be present.  The "use" member predates "key_ops" by several years and was already in widespread use before we added key_ops late in the game.  We talked about removing "use" but the working group was very much in favor of retaining it.

> 4.5:
>    The structure of the "kid" value is
>    unspecified.
> You should at least mention that this is a string. "The 'kid' value is a text string,
> but it's structure is otherwise unspecified." Or something like that.

It actually already does say "The "kid" value is a case-sensitive string".

> 4.6 (and 4.7-4.9):
>    If other members
>    are present, the contents of those members MUST be semantically
>    consistent with the related fields in the first certificate.
> This is a pretty silly use of MUST. If the answer to the question, "Why might
> someone do otherwise?" is "Because they're an idiot", you probably don't need
> the MUST.

Jim Schaad and others were in favor of adding this language when the "x5u", etc. parameters were added ... so that idiots aren't free to be idiots. :-)

> 5:
>    Implementations SHOULD ignore JWKs within a JWK Set that use "kty"
>    (key type) values that are not understood by them, are missing
>    required members, or for which values are out of the supported
>    ranges.
> I don't understand that SHOULD. This is completely dependent on what the
> implementation is doing. Unknown key types might be ignorable, but they might
> be vitally important. Why is this not a MAY?

This language also came from Jim Schaad.  The point is that when RSA and Elliptic Curve keys are eventually replaced by new key types, implementations should be prepared to have new key types appear in the set of advertised keys without breaking because they don't yet understand them.

> 5.1: Strike the last sentence. It's silly.

It describes a requirement of the JWK Set data format this is not otherwise described.

> 7: The first two sentences of the first paragraph and the first sentence of the
> second paragraph should be moved under Security Considerations; that's what
> this is. I'd delete the rest, as the encryption of any JSON object is handled by
> JWE.

The sentences you would like to move are introductory material motivating the descriptions of encrypted JWKs and JWK Sets and the recommendations to use them under these circumstances.

> You might mention the content type somewhere, but the way it is in the
> document now is way overdone, with the whole "MUST...unless construction.
> Simply make it:
>    The content type of "jwk+json" can be used for "cty" header of the JWE.
> if you must have something.

This specific language, using the "must ... unless" construction was a result of a specific working group discussion on this topic, so I'm reluctant to tinker with it.  For instance, your "can" language loses the "must ... unless" sense that some working group members insisted upon.

				Thanks again,
				-- Mike