[jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
Mike Jones <Michael.Jones@microsoft.com> Wed, 28 August 2013 19:41 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D17621E8092 for <jose@ietfa.amsl.com>; Wed, 28 Aug 2013 12:41:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.435
X-Spam-Level:
X-Spam-Status: No, score=-3.435 tagged_above=-999 required=5 tests=[AWL=0.164, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sNv3guiYNMMJ for <jose@ietfa.amsl.com>; Wed, 28 Aug 2013 12:41:17 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0154.outbound.protection.outlook.com [207.46.163.154]) by ietfa.amsl.com (Postfix) with ESMTP id 6247C21E8090 for <jose@ietf.org>; Wed, 28 Aug 2013 12:41:16 -0700 (PDT)
Received: from DM2PR03CA002.namprd03.prod.outlook.com (10.141.52.150) by BN1PR03MB171.namprd03.prod.outlook.com (10.255.200.150) with Microsoft SMTP Server (TLS) id 15.0.745.25; Wed, 28 Aug 2013 19:41:14 +0000
Received: from BY2FFO11FD026.protection.gbl (2a01:111:f400:7c0c::25) by DM2PR03CA002.outlook.office365.com (2a01:111:e400:2414::22) with Microsoft SMTP Server (TLS) id 15.0.745.25 via Frontend Transport; Wed, 28 Aug 2013 19:41:14 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD026.mail.protection.outlook.com (10.1.15.215) with Microsoft SMTP Server (TLS) id 15.0.745.15 via Frontend Transport; Wed, 28 Aug 2013 19:41:14 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.247]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.03.0136.001; Wed, 28 Aug 2013 19:40:23 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
Thread-Index: Ac6kJmzR8PcNQEnXTku3ej7sei82PQ==
Date: Wed, 28 Aug 2013 19:40:22 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.79]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377454003)(13464003)(189002)(199002)(47776003)(63696002)(20776003)(83322001)(80976001)(19580405001)(6806004)(44976005)(74876001)(19580395003)(76176001)(81542001)(47976001)(47736001)(49866001)(81816001)(76786001)(76796001)(50986001)(4396001)(81686001)(81342001)(33656001)(51856001)(69226001)(66066001)(65816001)(80022001)(54356001)(76482001)(53806001)(59766001)(77982001)(56776001)(54316002)(74366001)(77096001)(56816003)(23676002)(46102001)(74502001)(74662001)(47446002)(83072001)(79102001)(31966008)(74706001)(50466002)(55846006); DIR:OUT; SFP:; SCL:1; SRVR:BN1PR03MB171; H:mail.microsoft.com; CLIP:131.107.125.37; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 09525C61DB
X-OriginatorOrg: DuplicateDomain-a84fc36a-4ed7-4e57-ab1c-3e967bcbad48.microsoft.com
Subject: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2013 19:41:23 -0000
This is a second issue in the issue tracker that I wanted to bring to the working group’s attention for discussion. My personal view is stated in the issue tracker comment below. -- Mike -----Original Message----- From: jose issue tracker [mailto:trac+jose@trac.tools.ietf.org] Sent: Wednesday, August 28, 2013 12:36 PM To: draft-ietf-jose-json-web-key@tools.ietf.org; Mike Jones Cc: jose@ietf.org Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set Format #82: Section 6. Encrypted JWK and Encrypted JWK Set Format Comment (by michael.jones@microsoft.com): This comment is about part A of this issue - the suggestion that private key material within a JWK be moved into a "private" element. While I understand the motivation for the suggestion, this doesn't seem like a necessary or particularly useful change. If an implementation leaks its private or shared key information by disclosing a JWK containing it to a party not entitled to have it, there's no security difference in whether that information is in a top-level member or a member of a "private" field. The information will have still been inappropriately disclosed. This suggestion is also ambiguously specified. While yes, the "d" elements of elliptic curve and RSA keys could be moved to be within a "private" structure, what would be done for the "k" element of a symmetric key? Would that also be moved into a "private" element? (At that point, there would be no symmetric key information at the top level of the JWK, which seems more than a little odd.) Finally, I'll note that the specs already clearly delineate public from private fields, through use of the Parameter Information Class value in the JSON Web Key Parameters registry (with values "Public" and "Private"). So there should be no confusion which is which. I therefore recommend that this suggestion be resolved as "wontfix". -- -------------------------+---------------------------------------------- -------------------------+--- Reporter: | Owner: draft-ietf-jose-json-web- ietf@augustcellars.com | key@tools.ietf.org Type: defect | Status: new Priority: major | Milestone: Component: json-web- | Version: key | Resolution: Severity: - | Keywords: | -------------------------+---------------------------------------------- -------------------------+--- Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/82#comment:1> jose <http://tools.ietf.org/jose/>
- [jose] FOR WG DISCUSSION: #82 part A - Possibly c… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Edmund Jay
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Brian Campbell
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Tim Bray
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Matias Woloski
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Naveen Agarwal
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… n-sakimura
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Jim Schaad
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Manger, James H
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones