Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33

Mike Jones <> Tue, 14 October 2014 12:44 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 777181A87AD; Tue, 14 Oct 2014 05:44:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ir7CJO7O_yih; Tue, 14 Oct 2014 05:44:23 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::1:715]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2180D1A87A9; Tue, 14 Oct 2014 05:44:23 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1054.13; Tue, 14 Oct 2014 12:44:17 +0000
Received: from (2a01:111:f400:7c0c::165) by (2a01:111:e400:2c5d::39) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:44:18 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:44:17 +0000
Received: from ([]) by ([]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:43:40 +0000
From: Mike Jones <>
To: Scott Brim <>
Thread-Topic: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33
Thread-Index: Ac/nrHWN6f7a6rC9TZqiVfBmoAMaBQ==
Date: Tue, 14 Oct 2014 12:43:39 +0000
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(189002)(43784003)(377454003)(24454002)(13464003)(199003)(76104003)(51704005)(31966008)(84676001)(85806002)(47776003)(20776003)(86612001)(64706001)(4396001)(107046002)(2656002)(87936001)(50986999)(95666004)(21056001)(50466002)(230783001)(120916001)(66066001)(33656002)(86362001)(15975445006)(99396003)(85306004)(76482002)(44976005)(19580405001)(68736004)(69596002)(92566001)(92726001)(97736003)(46102003)(80022003)(6806004)(110136001)(19580395003)(54356999)(85852003)(81156004)(77096002)(106466001)(55846006)(104016003)(26826002)(23676002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1205;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1205;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: "" <>, gen-art <>, "" <>
Subject: Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Oct 2014 12:44:25 -0000

Thanks again for your review, Scott.  Based upon our discussions, no changes were made to the -34 draft as a result of your comments.

				Thanks again,
				-- Mike

-----Original Message-----
From: jose [] On Behalf Of Mike Jones
Sent: Tuesday, September 30, 2014 3:27 PM
To: Scott Brim
Cc:; gen-art;
Subject: Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33

I agree with your observation about the surrounding protocol.  Thanks again for the time you put into reviewing the document.

				-- Mike

-----Original Message-----
From: Scott Brim []
Sent: Tuesday, September 30, 2014 12:59 PM
To: Mike Jones
Cc: gen-art;;
Subject: Re: gen-art telechat review of draft-ietf-jose-json-web-key-33

On Tue, Sep 30, 2014 at 2:29 PM, Mike Jones <> wrote:
> Minor issues:
>   More than once it is said that members that are not understood
>   should or must be ignored. Wouldn't this depend on context? Couldn't
>   there be uses of the data structure where a negative reply would be
>   needed if something is not understood, so the sender can adapt?
> This language is present so that extensions carrying additional 
> information can be added in a non-breaking fashion.  You’re right 
> that, in theory, a “must-understand” capability could be added for 
> particular fields, as was done for JOSE header parameters in 
> ion-4.1.11, but in practice, no working group member has come forward 
> saying they are aware of an application that needs this for key 
> representations.  Rather, the working group’s thoughts were that 
> multiple keys would be present in a JWK Set, some of which might not 
> be understood, but those that are understood would be used.  This 
> might be the case, for instance, when an entirely new key type (not 
> RSA, Elliptic Curve, or Symmetric) is invented and added at some point 
> in the future.
> Do you have a specific example in mind that requires a “must-understand”
> capability for key representations?

I don't do keys (this is gen-art, where reviews are often done by experienced generalists, not experts in the field), so it doesn't do any good asking me for text :-). Now that I think about it, I don't need what I'm looking for to be in this draft -- it could be in the larger context. Essentially it has to be possible (not required) for there to be some kind of feedback from whoever receives this to whoever sent it. That can be in the surrounding protocol.

>   In Section 4.3, you give the general principle that multiple
>   unrelated key operations shouldn't be specified for a key, and give
>   an example. Since this is a security issue of unknown magnitude (the
>   future isn't here yet), what do you think of removing uncertainty by
>   being more exhaustive in the principles and/or examples?
> This is a “SHOULD NOT” rather than a “MUST NOT” because there are 
> existing use cases in which the same RSA key is used for both signing and encryption.
> I’m not an expert in the underlying cryptography, but it’s my 
> understanding that this is quasi-OK for RSA because both RSA 
> signatures and RSA encryption actually are based on an RSA encryption 
> operation, and so what appears to be using a key being used for 
> unrelated operations actually isn’t under the covers, in this 
> particular case.  However, if you want to supply additional proposed 
> security considerations text on this issue (or possibly even better, 
> cite pertinent security considerations text in an existing RFC that we could reference), that would be appreciated.

OK, it seems the boundaries are clear to you and implementers who will read the RFC, which is all I ask.

Thanks ... Scott
jose mailing list