Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to Proposed Standard
Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Fri, 06 May 2022 12:27 UTC
From: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Fri, 06 May 2022 08:27:42 -0400
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "Manger, James" <James.H.Manger=40team.telstra.com@dmarc.ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-oauth-jwk-thumbprint-uri@ietf.org" <draft-ietf-oauth-jwk-thumbprint-uri@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/OuqlWq97OLoic0uzO93F35BR9GM>

Mike,

RFC6920 defines an optional query parameter, in section 3:
https://www.rfc-editor.org/rfc/rfc6920.html#section-3

I guess you could have added a query parameter to add that specificity.

Regards,
 Rifaat

On Tue, May 3, 2022 at 10:04 AM Mike Jones <Michael.Jones@microsoft.com> wrote:

> Hi James. Thanks for your review.
>
> While ni: could have been used, ni: conveys nothing about what the hash is of.
> Whereas urn:ietf:params:oauth:jwk-thumbprint says that the hash is a JWK
> thumbprint. At least for the use cases we anticipate, this additional
> specificity adds value.
>
> -- Mike
>
> *From:* last-call <last-call-bounces@ietf.org> *On Behalf Of* Manger, James
> *Sent:* Tuesday, April 26, 2022 9:26 AM
> *To:* last-call@ietf.org
> *Cc:* draft-ietf-oauth-jwk-thumbprint-uri@ietf.org; oauth-chairs@ietf.org;
> oauth@ietf.org
> *Subject:* Re: [Last-Call] [OAUTH-WG] Last Call:
> <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to
> Proposed Standard
>
> draft-ietf-oauth-jwk-thumbprint-uri-01 uses labels from the Named
> Information IANA registry
> <https://www.iana.org/assignments/named-information/named-information.xhtml>
> to create URIs from hashes, but then why doesn't it just use the RFC that
> created that registry and already defines a way to format hashes as URIs
> [RFC 6920 Naming Things with Hashes
> <https://www.rfc-editor.org/rfc/rfc6920.html>]?
>
> For a JSON object representing a JWK whose SHA-256 hash
> (base64url-encoded) is NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs:
>
> - RFC6920 defines the URI:
>   ni:///sha-256;NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
> - draft-ietf-oauth-jwk-thumbprint-uri-01 defines the URI:
>   urn:ietf:params:oauth:jwk-thumbprint:sha-256:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
>
> --
> James Manger
>
> *From:* OAuth <oauth-bounces@ietf.org> on behalf of The IESG
> <iesg-secretary@ietf.org>
> *Date:* Tuesday, 26 April 2022 at 7:17 am
> *To:* IETF-Announce <ietf-announce@ietf.org>
> *Cc:* draft-ietf-oauth-jwk-thumbprint-uri@ietf.org, oauth-chairs@ietf.org,
> oauth@ietf.org
> *Subject:* [OAUTH-WG] Last Call:
> <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to
> Proposed Standard
>
> The IESG has received a request from the Web Authorization Protocol WG
> (oauth) to consider the following document: - 'JWK Thumbprint URI'
> <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-call@ietf.org mailing lists by 2022-05-09. Exceptionally, comments may
> be sent to iesg@ietf.org instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>    This specification registers a kind of URI that represents a JSON Web
>    Key (JWK) Thumbprint value. JWK Thumbprints are defined in RFC 7638.
>    This enables JWK Thumbprints to be used, for instance, as key
>    identifiers in contexts requiring URIs.
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-oauth-jwk-thumbprint-uri/
>
> No IPR declarations have been submitted directly on this I-D.
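
An added example, not part of the original thread: it computes an RFC 7638 SHA-256 thumbprint and renders it in both URI forms discussed above, then parses each back to show that the digest is identical and only the URN form states that the hash is a JWK thumbprint. The function names, the sample JWK values and the `ct=` query string are constructed for illustration.

```python
import base64
import hashlib
import json
from urllib.parse import urlsplit

# Members that RFC 7638 section 3.2 requires in the hash input, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}
URN_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint:"

# Constructed sample: coordinate strings are placeholders, not a real key.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "example-1",
              "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRl",
              "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRl"}

def jwk_thumbprint(jwk):
    """Hash only the required members, sorted by name, with no whitespace."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def to_urn(thumbprint):
    return f"{URN_PREFIX}sha-256:{thumbprint}"

def to_ni(thumbprint, query=""):
    # RFC 6920 form with empty authority; the query part is optional.
    return f"ni:///sha-256;{thumbprint}" + (f"?{query}" if query else "")

def parse_hash_uri(uri):
    """Return (says_jwk_thumbprint, hash_alg, digest_b64url, query)."""
    if uri.startswith(URN_PREFIX):
        alg, sep, value = uri[len(URN_PREFIX):].partition(":")
        if not sep or not value:
            raise ValueError("malformed thumbprint URN: " + uri)
        return True, alg, value, ""
    parts = urlsplit(uri)
    if parts.scheme != "ni":
        raise ValueError("unsupported URI scheme: " + uri)
    alg, sep, value = parts.path.lstrip("/").partition(";")
    if not sep or not value:
        raise ValueError("malformed ni URI: " + uri)
    # The ni scheme alone does not say what was hashed.
    return False, alg, value, parts.query

if __name__ == "__main__":
    tp = jwk_thumbprint(SAMPLE_JWK)
    for uri in (to_urn(tp), to_ni(tp), to_ni(tp, "ct=application/jwk+json")):
        print(uri, "->", parse_hash_uri(uri))
```

A verifier that accepts either form should compare the algorithm label and digest after parsing, and treat any `ni:` query value as an unauthenticated hint rather than as proof of what was hashed.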