Re: [OAUTH-WG] Disable JWK "use" parameter for octet sequence keys?

Brian Campbell <bcampbell@pingidentity.com> Mon, 20 April 2015 18:08 UTC

In-Reply-To: <55337CEE.2090605@connect2id.com>
References: <55337CEE.2090605@connect2id.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 20 Apr 2015 12:07:30 -0600
Message-ID: <CA+k3eCSOftiVg=ANtUFFMGUJpkRwgRcqeyNkpZXsayzXhFamOA@mail.gmail.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/2cHk5XiRyy-WSDLvxL2-2NRQpLA>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Disable JWK "use" parameter for octet sequence keys?

IMHO "use" is less useful for JWKs of type "oct" but not to the point of
disallowing it.

Your question is probably better suited for the JOSE WG list though, rather
than OAUTH.



On Sun, Apr 19, 2015 at 4:01 AM, Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:

> A developer working with the Nimbus jose+jwt library raised the question
> whether setting of the public "use" [1] parameter should be disabled for
> JWKs of type "oct". This appears to make sense, even though the JWA spec
> [2] doesn't mention it. Is this correct?
>
> Thanks,
>
> Vladimir
>
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-key-40#section-4.2
> [2] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-6.4