Re: [OAUTH-WG] draft-ietf-oauth-pop-key-distribution-01 and Open Issues

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 05 March 2015 13:00 UTC

In the context of <draft-ietf-oauth-pop-key-distribution-01> we then need to
differentiate the case where the client wants to have the server attach
the already stored key vs. the case where the client wants to create a
new key regardless of whether there is one stored or not.

Does that make sense?

On 03/05/2015 01:58 PM, John Bradley wrote:
> I am ok with saying that the JWK must have keyed if there is more than one key and it SHOULD if there is only one.