[OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

Brian Campbell <bcampbell@pingidentity.com> Mon, 23 March 2015 06:41 UTC

Message-ID: <CA+k3eCSKNm7L7_VN=wVQ21bgAtXs+BAD7kVSkYpQNLfPDppUaQ@mail.gmail.com>
To: oauth <oauth@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Q6phSKAtJV11lolRvBC5DYr8a58>

Do folks in the WG think there'd be utility in having a way to identify the
finger/thumbprint of a key in the cnf claim? A presenter might, for
example, present the JWT along with a public JWK and some
proof-of-possession of that JWK. And the JWK would be bound to the JWT via
the thumbprint, which is more space efficient (with respect to the JWT
anyway) than the full JWK.
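The binding the message sketches, as an added example that is not part of the original post or of the OAuth WG drafts: the issuer computes a JWK thumbprint (canonical JSON of the key's required members, SHA-256, base64url, the construction in the JOSE JWK thumbprint work) and places it in the cnf claim, and the verifier recomputes the thumbprint of whatever public JWK the presenter supplies and compares. The cnf member name "jkt" and the claim layout are assumptions made for this example, not something the page defines; the EC coordinates are constructed filler, not a real curve point, and the separate check that the presenter actually holds the private key is outside this block.

```python
import base64
import hashlib
import hmac
import json

# Required members per key type, the set a JWK thumbprint is computed over.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_form(jwk: dict) -> str:
    """Canonical JSON of the required members only: keys sorted, no whitespace.
    Optional members such as kid, use or alg must not influence the thumbprint."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    members = {}
    for name in REQUIRED_MEMBERS[kty]:
        if name not in jwk:
            raise ValueError(f"JWK is missing required member {name!r}")
        members[name] = jwk[name]
    return json.dumps(members, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 of the canonical form, base64url-encoded (43 characters)."""
    digest = hashlib.sha256(canonical_form(jwk).encode("utf-8")).digest()
    return b64url(digest)


def issue_claims(presenter_jwk: dict) -> dict:
    """Issuer side: bind the JWT to the presenter's key by thumbprint.
    'jkt' is an assumed member name for this example, not one the page defines."""
    return {
        "iss": "https://as.example",   # constructed sample issuer
        "sub": "alice",                # constructed sample subject
        "cnf": {"jkt": jwk_thumbprint(presenter_jwk)},
    }


def verify_presented_key(jwt_claims: dict, presented_jwk: dict) -> bool:
    """Verifier side: the presented public JWK must hash to the bound thumbprint.
    Assumes the JWT's own signature was already validated by the caller."""
    cnf = jwt_claims.get("cnf")
    if not isinstance(cnf, dict) or not isinstance(cnf.get("jkt"), str):
        return False
    # A presenter should only ever send public material; reject anything carrying
    # private members rather than silently hashing around them.
    if "d" in presented_jwk:
        return False
    try:
        actual = jwk_thumbprint(presented_jwk)
    except ValueError:
        return False
    # Constant-time comparison; both sides are ASCII base64url strings.
    return hmac.compare_digest(cnf["jkt"].encode("ascii"), actual.encode("ascii"))


def cnf_size_bytes(cnf: dict) -> int:
    """Compact serialized size, to compare thumbprint vs. full-JWK binding."""
    return len(json.dumps(cnf, separators=(",", ":")).encode("utf-8"))


# Constructed sample keys: syntactically valid P-256 JWKs whose coordinates are
# filler bytes, not real points. Extra members (kid, use) are deliberately present.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(b"\x01" * 32),
    "y": b64url(b"\x02" * 32),
    "kid": "presenter-key-1",
    "use": "sig",
}
OTHER_JWK = dict(SAMPLE_JWK, y=b64url(b"\x03" * 32), kid="presenter-key-2")


if __name__ == "__main__":
    claims = issue_claims(SAMPLE_JWK)
    print("cnf:", claims["cnf"])
    print("presented key matches:", verify_presented_key(claims, SAMPLE_JWK))
    print("other key matches:", verify_presented_key(claims, OTHER_JWK))
    print("bytes, thumbprint cnf:", cnf_size_bytes(claims["cnf"]))
    print("bytes, full-JWK cnf:  ", cnf_size_bytes({"jwk": SAMPLE_JWK}))
```

The canonical form is what makes the scheme robust: two serializations of the same key (different member order, whitespace, extra kid or use members) yield the same thumbprint, so the verifier does not depend on the presenter reproducing the issuer's exact JSON. The size comparison at the end is the space argument from the message: the cnf carrying a 43-character thumbprint is a fraction of the size of one carrying the full JWK, and the presenter supplies the key material out of band.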