Re: [jose] Adding a X509/PKIX JWK type? [WAS: issues with x5c in JWE]
Peter Saint-Andre <stpeter@stpeter.im> Fri, 08 February 2013 20:15 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 660E921F8B9F for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 12:15:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svpq6QNN89V5 for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 12:15:57 -0800 (PST)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id B4F2B21F8BF8 for <jose@ietf.org>; Fri, 8 Feb 2013 12:15:50 -0800 (PST)
Received: from [10.129.24.123] (unknown [128.107.239.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 525654004E; Fri, 8 Feb 2013 13:22:39 -0700 (MST)
Message-ID: <51155CF3.7060203@stpeter.im>
Date: Fri, 08 Feb 2013 13:15:47 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
References: <CA+k3eCRbkefo3M+7QK_anM+H-VQLj2b+Jvw+8EXKPnSuc4Y_7Q@mail.gmail.com> <DAD9D0F9-1889-41B8-8F87-2FC689E9397B@ve7jtb.com> <CA+k3eCQqTpiTdDwdkqFNU9UApM8H4TjjkKq+XupSQuhLkbjRsg@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED94115109840@xmb-aln-x11.cisco.com> <0BC322C1-A6C5-46B8-BC2A-3A7E000952EF@ve7jtb.com> <CA+k3eCTi1Ss2grSALqZngtnCfv8ks0xRm_uXaeA7cdngua4_VQ@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED9411510A1F3@xmb-aln-x11.cisco.com> <BF7E36B9C495A6468E8EC573603ED9411511DB49@xmb-aln-x11.cisco.com>
In-Reply-To: <BF7E36B9C495A6468E8EC573603ED9411511DB49@xmb-aln-x11.cisco.com>
X-Enigmail-Version: 1.5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Adding a X509/PKIX JWK type? [WAS: issues with x5c in JWE]
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 20:15:58 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/8/13 11:47 AM, Matt Miller (mamille2) wrote: > After some off-list discussions, a couple of us believe it would > be worthwhile to somehow wrap a PKIX certificate chain in a JSON > Web Key. A couple of us are leaning toward a new JWK type to do > this. One impact, I think, is that anywhere we currently have "x5c" > (and potentially "x5t" and "x5u") are effectively replaced by an > actual JWK object. However, a few of us have other use cases where > a PKIX certificate JWK would solve some problems. > > Unless there's strong objection, Brian Campbell and I are likely > to start work on a new I-D that documents our musings. Sounds like a good idea. Not that you need anyone's permission to work on a non-WG Internet-Draft. :-) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRFVzzAAoJEOoGpJErxa2p4CkP/AyqSYm8ryd9kjq11AsPxdjn 4IYynE02urlTcq7gr+4dX7nS7BcggPX77BxqOD+/4FDDaqnXjeCHFZa4UO1PCdfC 6WOaDSy20lz7sanVcaKy3Rlng70xVJXzqmp3AvcuYTeLniZr9NzJvlFDv96XxCV6 fl8UOWHDr8VEOHtcjaHaQdU7rwm8aszZzFp2oOtgnAvqC5TWfIVZHnz4YpTisieU 38ZOafXO+OH31dpa5xIkVC7bmWk3xNew+h7WHnoHfFdloS3/SFlqSoZVrQQ3V/Ed u4DzxPRHG0skbAN119IlKO6/nkYqtAIiRZ8Exq6SAc6NgBq4+D9g2BQ8yBKHttLW Vku/Wb6pc9WWO2GQ0Zjy7SsJC3BdxdozagyTsv8EOc85sZ5ZMC34gwYDHPyoG80S V/23qNQhjfKzuEsxjhVZ3q+XKZ+vjL79sMSpSwAKZ7trMdu/d7eH+KKM3jAoEbH8 ejb2JkFeKmprkDCbBMqXeygWyVHLHO5RQFV0Zudn+rvkQZvM5agE+U7RouN+Gvw6 6QuCEfE7SRiAkigPdqU+mPR45HuhaF8V6EZ8lyrqULHhFiYnUb/6rFOIHt6O2OdN OGSmt6kLqH9JiaUG6erGC0KAhQP9obeEPlp5cKMZDlfYgkzbxVylVA1SKCmIC2IN caqrzbQrFupevrJC9qP8 =3bg2 -----END PGP SIGNATURE-----
- [jose] issues with x5c in JWE Brian Campbell
- Re: [jose] issues with x5c in JWE John Bradley
- Re: [jose] issues with x5c in JWE Brian Campbell
- Re: [jose] issues with x5c in JWE Matt Miller (mamille2)
- Re: [jose] issues with x5c in JWE Mike Jones
- Re: [jose] issues with x5c in JWE John Bradley
- Re: [jose] issues with x5c in JWE Brian Campbell
- Re: [jose] issues with x5c in JWE Matt Miller (mamille2)
- [jose] Adding a X509/PKIX JWK type? [WAS: issues … Matt Miller (mamille2)
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… John Bradley
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Brian Campbell
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Salvatore D'Agostino
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Peter Saint-Andre
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Brian Campbell
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Richard Barnes
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… John Bradley
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Richard Barnes
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Matt Miller (mamille2)
- Re: [jose] Adding a X509/PKIX JWK type? [WAS: iss… Brian Campbell