Re: [OAUTH-WG] trouble reading the start of sec 3 proof-of-possession-02

Brian Campbell <bcampbell@pingidentity.com> Wed, 25 March 2015 14:37 UTC

There's similar wording in sec 3.3
<https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3.3>
too that seems to suggest that the presenter is the one that makes the
claim.

I think the presenter confirms the claim when it presents. It's the issuer
that makes/asserts/declares the claim. No?

  "In
   this case, the presenter of a JWT declares that it possesses a
   particular key and that the recipient can cryptographically confirm
   proof-of-possession of the key by the presenter by including a "cnf"
   (confirmation) claim in the JWT whose value is a JSON object, with
   the JSON object containing a "kid" (key ID) member identifying the
   key."


On Sun, Mar 22, 2015 at 8:42 PM, Brian Campbell <bcampbell@pingidentity.com>
wrote:

> My brain hurt trying to parse the first sentence/paragraph from section 3
> <https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3>:
>
>
>    "The presenter of a JWT declares that it possesses a particular key
>    and that the recipient can cryptographically confirm proof-of-
>    possession of the key by the presenter by including a "cnf"
>    (confirmation) claim in the JWT whose value is a JSON object, with
>    the JSON object containing a "jwk" (JSON Web Key) or "kid" (key ID)
>    member identifying the key."
>
> The issuer includes the "cnf" claim and makes the declaration not the
> presenter. Sure, the presenter may be the issuer but that's a special case.
>
> Isn't it more accurate to say that it is the issuer who declares that the
> presenter can confirm itself by some cryptographic proof-of-possession of
> the key identified by the "cnf" claim? Or something more like that...
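A worked illustration of the three roles the thread is untangling (issuer asserts the "cnf" claim, presenter confirms possession, recipient verifies both), added here as an example that is not part of the thread or of the draft. It assumes the "kid" form of "cnf" with symmetric keys (HS256 for the JWT, an HMAC over a recipient-chosen nonce for the proof) and a constructed key table, so it runs offline with the standard library only.

```python
import base64
import hashlib
import hmac
import json

# Constructed keys for the example (not real secrets): the issuer's JWT
# signing key, and the presenter's proof-of-possession key, which the
# recipient can look up by the key ID carried in the "cnf" claim.
ISSUER_KEY = b"issuer-signing-key-example"
PRESENTER_KEYS = {"pop-key-1": b"presenter-pop-key-example"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(presenter_kid: str) -> str:
    """Issuer role: it is the issuer that asserts the 'cnf' claim naming the key."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://issuer.example", "sub": "presenter-42",
              "cnf": {"kid": presenter_kid}}
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def present(jwt: str, nonce: bytes, kid: str) -> bytes:
    """Presenter role: confirms possession by MACing the token plus the recipient's nonce."""
    return hmac.new(PRESENTER_KEYS[kid], jwt.encode() + nonce, hashlib.sha256).digest()


def recipient_accepts(jwt: str, nonce: bytes, proof: bytes) -> bool:
    """Recipient role: verify the issuer's signature, then the presenter's proof."""
    header, payload, sig = jwt.split(".")
    expected_sig = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig)):
        return False  # not a token the issuer actually asserted
    claims = json.loads(b64url_decode(payload))
    key = PRESENTER_KEYS.get(claims.get("cnf", {}).get("kid"))
    if key is None:
        return False  # "cnf" names a key the recipient cannot resolve
    expected_proof = hmac.new(key, jwt.encode() + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected_proof, proof)
```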