Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

"Jim Schaad" <ietf@augustcellars.com> Mon, 10 November 2014 23:12 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Justin Richer' <jricher@mit.edu>
Date: Mon, 10 Nov 2014 13:11:59 -1000
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/xO4LNTzWfip3f4iKPLt09QhUnNQ
Cc: iesg@ietf.org, jose@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

What level of testing have you done on this?

Jim

From: Justin Richer [mailto:jricher@mit.edu] 
Sent: Monday, November 10, 2014 11:32 AM
To: Jim Schaad; 'Richard Barnes'
Cc: iesg@ietf.org; jose@ietf.org; 'Stephen Farrell'
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

It's implemented in some libraries, such as the NimbusDS JOSE-JWT library on Java. However, I don't know of any uses in applications.

-- Justin

/ Sent from my phone /



-------- Original message --------
From: Jim Schaad <ietf@augustcellars.com> 
Date: 11/10/2014 11:03 AM (GMT-10:00)
To: 'Richard Barnes' <rlb@ipv.sx> 
Cc: iesg@ietf.org, jose@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie> 
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ 

Oh – you're right.  My head is not processing fast enough.

In that case I don’t know of any implementation at the moment for the “oth” parameter.

I am not sure if Stephen is going to force a removal based on that or not.

Jim

 

 

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Monday, November 10, 2014 10:39 AM
To: Jim Schaad
Cc: jose@ietf.org; Stephen Farrell
Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/

What?  I can't speak for Chrome, but Firefox completely ignores the "oth" parameter.

http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoKey.cpp?from=PrivateKeyFromJwk#678

I think you're thinking of the extended, technically not-required RSA private parameters "p", "q", "dp", "dq", "qi".  Firefox and Chrome DO both require those, because the underlying library requires them and we didn't want to implement factoring above the library layer (at least for Firefox).

I'm not sure it makes sense for those parameters to be required at the JWK layer.

On Mon, Nov 10, 2014 at 10:14 AM, Jim Schaad <ietf@augustcellars.com> wrote:

Based on email that has been sent to the list, it appears that both Chrome and Firefox have fully implemented the “oth” parameter of RSA private keys.  They actually appear to require that it be present rather than be optional as the document specifies.  However, this would mean to me that this parameter is used and you can clear your discuss on that basis.

Jim
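
An added example, not part of the thread and not any browser's or library's code: a pre-import check for an RSA private JWK that requires "p", "q", "dp", "dq" and "qi", notes "oth" without interpreting it, and verifies the values against "n", "e" and "d". The function names and the toy key are constructed for illustration.

```javascript
// Added example (not from the thread). Function names and the toy key are constructed.
const CRT = ["p", "q", "dp", "dq", "qi"];
const FIELDS = ["n", "e", "d", ...CRT];

// base64url without padding -> BigInt
function b64uToBig(s) {
  if (typeof s !== "string" || !/^[A-Za-z0-9_-]+$/.test(s)) throw new Error("bad base64url");
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return BigInt("0x" + Buffer.from(b64, "base64").toString("hex"));
}

// BigInt -> base64url; only used to build the sample key below
function bigToB64u(n) {
  const hex = n.toString(16);
  return Buffer.from(hex.length % 2 ? "0" + hex : hex, "hex").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function checkRsaPrivateJwk(jwk) {
  const notes = [];
  const fail = (msg) => ({ ok: false, errors: [msg], notes });
  if (jwk.kty !== "RSA") return fail("kty is not RSA");
  const missing = FIELDS.filter((k) => !(k in jwk));
  if (missing.length) return fail("missing: " + missing.join(","));
  // A multi-prime key read as two-prime fails the n == p*q check below.
  if ("oth" in jwk) notes.push("oth present but not interpreted");
  let v;
  try {
    v = Object.fromEntries(FIELDS.map((k) => [k, b64uToBig(jwk[k])]));
  } catch (err) {
    return fail(err.message);
  }
  const { n, e, d, p, q, dp, dq, qi } = v;
  if (p < 2n || q < 2n) return fail("p and q must be greater than 1");
  const errors = [];
  if (p * q !== n) errors.push("n != p*q");
  if ((e * d) % (p - 1n) !== 1n || (e * d) % (q - 1n) !== 1n) errors.push("d does not invert e");
  if ((e * dp) % (p - 1n) !== 1n) errors.push("dp inconsistent");
  if ((e * dq) % (q - 1n) !== 1n) errors.push("dq inconsistent");
  if ((q * qi) % p !== 1n) errors.push("qi inconsistent");
  return { ok: errors.length === 0, errors, notes };
}

// Constructed toy key (p=61, q=53, e=17); far too small for real use.
const toyJwk = { kty: "RSA" };
const toyValues = { n: 3233n, e: 17n, d: 2753n, p: 61n, q: 53n, dp: 53n, dq: 49n, qi: 38n };
for (const [k, val] of Object.entries(toyValues)) toyJwk[k] = bigToB64u(val);
```

A key carrying only "n", "e" and "d" is rejected by this check with the list of missing parameters, which avoids factoring "n" at this layer.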

 

