Re: [OAUTH-WG] Guidance for which key to use for JWE encryption? (draft-ietf-oauth-jwsreq-19)

Brian Campbell <bcampbell@pingidentity.com> Fri, 26 July 2019 12:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Q5QWS9GH4vKdBmxRVwaAQo1EzYw>

I'd say this one -> * any "enc" key published by the AS on its jwks_uri?

On Thu, Jul 25, 2019 at 3:50 PM Танги Ле Пенс <tangui.lepense=40mail.ru@dmarc.ietf.org> wrote:

> Dear all,
>
> draft-ietf-oauth-jwsreq-19 gives guidance on which key to use to verify a
> JWS' signature (the client's key)
> (https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-19#section-6.2).
>
> However, there is no such guidance for JWE encryption:
>
> * any "enc" key published by the AS on its jwks_uri?
>
> * one specific key of the ones listed at the server's jwks_uri? If so,
> how to indicate which one in particular?
>
> * out-of-band configuration?
>
> And should it be part of the specification?
>
> Regards,
>
> --
>
> Tangui

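An added example, not part of the original messages or of the draft: one way a client could apply the "any `enc` key from the AS's jwks_uri" choice when encrypting a request object. The JWKS below is constructed, the function names are hypothetical, keys without a `use` member are skipped as a conservative assumption, and only RSA and EC key types are mapped.

```python
import json

# Constructed JWKS, standing in for what an AS publishes at its jwks_uri.
# Key material is replaced by placeholders; only the metadata matters here.
SAMPLE_JWKS = json.loads("""
{"keys": [
  {"kty": "RSA", "use": "sig", "kid": "sig-1", "alg": "RS256", "n": "placeholder", "e": "AQAB"},
  {"kty": "RSA", "use": "enc", "kid": "enc-rsa-1", "alg": "RSA-OAEP", "n": "placeholder", "e": "AQAB"},
  {"kty": "EC", "use": "enc", "kid": "enc-ec-1", "crv": "P-256", "x": "placeholder", "y": "placeholder"},
  {"kty": "RSA", "kid": "no-use", "n": "placeholder", "e": "AQAB"}
]}
""")

# JWE key-management algorithms (RFC 7518) and the key type each one needs.
# Simplification: OKP keys (RFC 8037) for ECDH-ES are not handled.
ALG_KTY = {
    "RSA1_5": "RSA", "RSA-OAEP": "RSA", "RSA-OAEP-256": "RSA",
    "ECDH-ES": "EC", "ECDH-ES+A128KW": "EC",
    "ECDH-ES+A192KW": "EC", "ECDH-ES+A256KW": "EC",
}

def select_encryption_keys(jwks, jwe_alg):
    """Return every published key that may encrypt a request object with jwe_alg."""
    if jwe_alg not in ALG_KTY:
        raise ValueError("unsupported JWE alg: %s" % jwe_alg)
    candidates = []
    for key in jwks.get("keys", []):
        if key.get("use") != "enc":          # never encrypt to a signing key
            continue
        if key.get("kty") != ALG_KTY[jwe_alg]:
            continue
        if "alg" in key and key["alg"] != jwe_alg:  # key pinned to another alg
            continue
        candidates.append(key)
    return candidates

def jwe_header_for(jwks, jwe_alg, jwe_enc):
    """Pick the first candidate and build the JWE protected header.
    Sending "kid" tells the AS which of its private keys to decrypt with."""
    candidates = select_encryption_keys(jwks, jwe_alg)
    if not candidates:
        raise LookupError("AS publishes no 'enc' key usable with " + jwe_alg)
    header = {"alg": jwe_alg, "enc": jwe_enc}
    if "kid" in candidates[0]:
        header["kid"] = candidates[0]["kid"]
    return header
```
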