MIME-Version: 1.0
References: <3755f0ec-b9b3-a120-3aa5-5b8df1960dec@mail.ru>
In-Reply-To: <3755f0ec-b9b3-a120-3aa5-5b8df1960dec@mail.ru>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 26 Jul 2019 06:01:23 -0600
Message-ID: <CA+k3eCRjBgen9SLXS=mt=qsj-OqEQ3ePNwcLT2wGpbX=iaqiDw@mail.gmail.com>
To: Танги Ле Пенс <tangui.lepense=40mail.ru@dmarc.ietf.org>
Cc: oauth <OAuth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ab1b0f058e944e69"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Q5QWS9GH4vKdBmxRVwaAQo1EzYw>
Subject: Re: [OAUTH-WG] Guidance for which key to use for JWE encryption?
 (draft-ietf-oauth-jwsreq-19)

--000000000000ab1b0f058e944e69
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I'd say this one->* any "enc" key published by the AS on its jwks_uri?

On Thu, Jul 25, 2019 at 3:50 PM Танги Ле Пенс <tangui.lepense=40mail.ru@dmarc.ietf.org> wrote:

> Dear all,
>
> draft-ietf-oauth-jwsreq-19 gives guidance on which key to use to verify a
> JWS' signature (the client's key)
> (https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-19#section-6.2).
>
> However, there is no such guidance for JWE encryption:
>
> * any "enc" key published by the AS on its jwks_uri?
>
> * one specific key of the ones listed at the server's jwks_uri? If so,
> how to indicate which one in particular?
>
> * out-of-band configuration?
>
> And should it be part of the specification?
>
> Regards,
>
> --
>
> Tangui


--000000000000ab1b0f058e944e69--
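
Added example, not part of the original message or of draft-ietf-oauth-jwsreq: one way a client could apply the "any enc key published by the AS on its jwks_uri" rule from this thread and name the chosen key in the JWE `kid` header. The JWKS content, the function names and the strict skipping of keys that lack `use` are assumptions.

```python
# Constructed sample JWKS (placeholder key material), standing in for the
# document an AS would publish at its jwks_uri.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "sig-1", "n": "sample-n", "e": "AQAB"},
    {"kty": "RSA", "use": "enc", "kid": "enc-rsa-1", "alg": "RSA-OAEP-256",
     "n": "sample-n", "e": "AQAB"},
    {"kty": "EC", "use": "enc", "kid": "enc-ec-1", "crv": "P-256",
     "x": "sample-x", "y": "sample-y"},
    {"kty": "EC", "kid": "no-use-1", "crv": "P-256",
     "x": "sample-x", "y": "sample-y"},
]}


def required_kty(jwe_alg):
    """Map a JWE "alg" value to the JWK "kty" it needs (RFC 7518 families)."""
    if jwe_alg.startswith("RSA"):
        return "RSA"
    if jwe_alg.startswith("ECDH-ES"):
        return "EC"  # OKP keys (RFC 8037) are left out of this sketch
    raise ValueError("unsupported JWE alg: " + jwe_alg)


def select_enc_keys(jwks, jwe_alg):
    """Return published keys usable for encrypting with jwe_alg."""
    kty = required_kty(jwe_alg)
    usable = []
    for jwk in jwks.get("keys", []):
        if jwk.get("use") != "enc":
            continue  # assumption: keys without "use" are not treated as "enc"
        if jwk.get("kty") != kty:
            continue  # key type cannot serve this algorithm
        if "alg" in jwk and jwk["alg"] != jwe_alg:
            continue  # key is pinned to a different algorithm
        if "d" in jwk:
            continue  # private parameter in a published set: do not trust it
        usable.append(jwk)
    return usable


def jwe_header_for(jwks, jwe_alg, enc="A256GCM"):
    """Pick the first usable key and build the JWE protected header for it."""
    candidates = select_enc_keys(jwks, jwe_alg)
    if not candidates:
        raise LookupError("no published 'enc' key fits " + jwe_alg)
    jwk = candidates[0]
    header = {"alg": jwe_alg, "enc": enc}
    if "kid" in jwk:
        header["kid"] = jwk["kid"]  # tells the recipient which key to decrypt with
    return jwk, header
```
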

