[jose] JOSE and PKCS11

"Stefan Berger" <stefanb@us.ibm.com> Thu, 01 November 2018 22:32 UTC

From: "Stefan Berger" <stefanb@us.ibm.com>
To: jose@ietf.org
Date: Thu, 1 Nov 2018 22:32:27 +0000
Message-Id: <OF5CBAD5FA.DA05866D-ON00258338.007B994B-00258338.007BD260@notes.na.collabserv.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/rMOnisc4uKk82hPMxJ-NI0GmLYk>
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>

I was wondering whether the integration of JOSE with PKCS11 was not considered for some reason or it was an omission. One could describe private keys of hardware devices using the PKCS 11 URI scheme (https://tools.ietf.org/html/rfc7512) and reflect those in the JWE recipients header, for example, to use such a device for key unwrapping. It may be as easy as adding pkcs11 field(s) to the JOSE parameters (https://www.iana.org/assignments/jose/jose.xhtml).
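To make the proposal concrete, the following added example (not part of the message above, and not anything registered at IANA) parses an RFC 7512 PKCS#11 URI found in a JWE recipient header and decides which attributes a recipient may use to look up its unwrapping key. The header parameter name "pkcs11" is a hypothetical placeholder, the two-recipient JWE skeleton is constructed for the example, and the acceptance policy (only object-identifying path attributes, never query attributes) is this example's own design choice, not something the proposal specifies.

```python
"""Added example: selecting a PKCS#11 unwrapping key from an RFC 7512 URI
carried in a JWE recipient header.  "pkcs11" is a hypothetical header
parameter name chosen for this example; it is not a registered JOSE parameter."""
import base64
import json
from urllib.parse import unquote, unquote_to_bytes

# JWE "alg" values (RFC 7518) grouped by the kind of PKCS#11 object that
# unwraps the content encryption key.
PRIVATE_KEY_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256",
                    "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"}
SECRET_KEY_ALGS = {"A128KW", "A192KW", "A256KW",
                   "A128GCMKW", "A192GCMKW", "A256GCMKW"}

# Path attributes a recipient may honour when the URI comes from the sender:
# they only name an object on a token the recipient has already configured.
# RFC 7512 query attributes (pin-value, pin-source, module-name, module-path)
# control which module the recipient loads and how it authenticates to it,
# so this example never accepts them from a header.
HEADER_ALLOWED = {"token", "manufacturer", "serial", "model", "object", "id", "type"}

HEADER_PARAM = "pkcs11"  # hypothetical parameter name used by this example


def _parse_attrs(part, sep):
    attrs = {}
    if part == "":
        return attrs
    for item in part.split(sep):
        name, eq, value = item.partition("=")
        if not eq or name == "":
            raise ValueError("malformed attribute %r" % item)
        if name in attrs:
            raise ValueError("duplicate attribute %r" % name)
        # "id" carries CKA_ID, which is arbitrary bytes; other values are text.
        attrs[name] = unquote_to_bytes(value) if name == "id" else unquote(value)
    return attrs


def parse_pkcs11_uri(uri):
    """Split an RFC 7512 URI into (path_attrs, query_attrs) dictionaries."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path, _, query = uri[len("pkcs11:"):].partition("?")
    return _parse_attrs(path, ";"), _parse_attrs(query, "&")


def _b64url_json(s):
    return json.loads(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))


def unwrap_key_selector(header):
    """Given the merged JOSE header of one JWE recipient, return the PKCS#11
    attributes usable to look up the unwrapping object, or raise ValueError."""
    alg = header.get("alg")
    if alg in PRIVATE_KEY_ALGS:
        wanted = "private"
    elif alg in SECRET_KEY_ALGS:
        wanted = "secret-key"
    else:
        raise ValueError("alg %r does not unwrap with a PKCS#11 object" % alg)
    path, query = parse_pkcs11_uri(header[HEADER_PARAM])
    if query:
        raise ValueError("refusing sender-supplied query attributes %s" % sorted(query))
    extra = set(path) - HEADER_ALLOWED
    if extra:
        raise ValueError("refusing attributes %s" % sorted(extra))
    if path.get("type", wanted) != wanted:
        raise ValueError("alg %s needs a %s object, URI names %s"
                         % (alg, wanted, path["type"]))
    path["type"] = wanted
    return path


def select_recipients(jwe):
    """Walk a JWE JSON serialization (RFC 7516 section 7.2) and return
    {recipient_index: pkcs11_attrs} for every recipient whose header names an
    acceptable PKCS#11 object; recipients that fail the policy are skipped."""
    protected = _b64url_json(jwe["protected"]) if "protected" in jwe else {}
    shared = jwe.get("unprotected", {})
    out = {}
    for i, rcpt in enumerate(jwe.get("recipients", [])):
        header = {}
        for part in (protected, shared, rcpt.get("header", {})):
            if set(header) & set(part):  # RFC 7516: names must not repeat across locations
                raise ValueError("duplicate header parameter across header locations")
            header.update(part)
        if HEADER_PARAM not in header:
            continue
        try:
            out[i] = unwrap_key_selector(header)
        except ValueError:
            continue
    return out


# Constructed sample: a JWE JSON skeleton with only the header fields this
# example reads (no real ciphertext or encrypted keys).
SAMPLE_JWE = {
    "protected": base64.urlsafe_b64encode(
        json.dumps({"enc": "A256GCM"}).encode()).rstrip(b"=").decode(),
    "recipients": [
        {"header": {"alg": "RSA-OAEP-256", "kid": "hsm-1",
                    "pkcs11": "pkcs11:token=Signing%20HSM;object=jwe-unwrap;id=%01%02"}},
        {"header": {"alg": "RSA-OAEP",
                    "pkcs11": "pkcs11:object=other?module-path=/tmp/evil.so&pin-value=1234"}},
        {"header": {"alg": "A256KW",
                    "pkcs11": "pkcs11:token=Signing%20HSM;object=kek;type=private"}},
    ],
}

if __name__ == "__main__":
    print(select_recipients(SAMPLE_JWE))
```

Two design points worth noting. First, a per-recipient `header` in the JWE JSON serialization is not integrity protected, and even the `protected` header is chosen by the sender, so the URI must be treated as untrusted input: it may name an object the recipient already trusts, but it must not be allowed to choose `module-path` (which would make the recipient load a library of the sender's choosing) or supply `pin-value`. Second, the `type` attribute is checked against `alg`, since an RSA-OAEP recipient should resolve to a private key and an AES key-wrap recipient to a secret key; in the constructed sample only the first recipient survives the policy.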