Re: [jose] Adding a X509/PKIX JWK type? [WAS: issues with x5c in JWE]

Peter Saint-Andre <stpeter@stpeter.im> Fri, 08 February 2013 20:15 UTC

Message-ID: <51155CF3.7060203@stpeter.im>
Date: Fri, 08 Feb 2013 13:15:47 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
Cc: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>

On 2/8/13 11:47 AM, Matt Miller (mamille2) wrote:
> After some off-list discussions, a couple of us believe it would
> be worthwhile to somehow wrap a PKIX certificate chain in a JSON
> Web Key.  A couple of us are leaning toward a new JWK type to do
> this. One impact, I think, is that anywhere we currently have "x5c"
> (and potentially "x5t" and "x5u") are effectively replaced by an
> actual JWK object.  However, a few of us have other use cases where
> a PKIX certificate JWK would solve some problems.
> 
> Unless there's strong objection, Brian Campbell and I are likely
> to start work on a new I-D that documents our musings.

Sounds like a good idea.

Not that you need anyone's permission to work on a non-WG
Internet-Draft. :-)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/