Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

Mike Jones <Michael.Jones@microsoft.com> Mon, 31 August 2015 20:48 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 31 Aug 2015 20:48:48 +0000
Message-ID: <BY2PR03MB4423F81E85EE756CF12F1E0F56B0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <BY2PR03MB4424EDD3DAA9E1CD5E6E396F56D0@BY2PR03MB442.namprd03.prod.outlook.com> <CA+k3eCSb_BXBrQ0hqPK2Z3g49f0=rUnJ0B6gdwGHRcAvRuSfeg@mail.gmail.com>
In-Reply-To: <CA+k3eCSb_BXBrQ0hqPK2Z3g49f0=rUnJ0B6gdwGHRcAvRuSfeg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/QtqItY12U6Yjk-IQ4px9s6GNS4A>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

You’re welcome.  Thanks, as always, for the useful feedback that improved the specification.

From: Brian Campbell [mailto:bcampbell@pingidentity.com]
Sent: Monday, August 31, 2015 1:47 PM
To: Mike Jones
Cc: oauth
Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

Thank you

On Fri, Aug 28, 2015 at 7:04 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
This was added at the end of Section 3.2 in -04 <http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04>.  Thanks again for the practical feedback, Brian!

                                                                -- Mike

From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, August 11, 2015 4:05 PM
To: Mike Jones
Cc: Brian Campbell; oauth
Subject: Re: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

OK

On Aug 11, 2015, at 12:57 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:

As discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC followup 2 (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)”, I will update the draft to say that the symmetric key can be carried in the “jwk” element in an unencrypted form if the JWT is itself encrypted.  This will happen in -04.

                                                            -- Mike

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Sunday, March 22, 2015 11:41 PM
To: oauth
Subject: [OAUTH-WG] proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?

When the JWT is itself encrypted as a JWE, would it not be reasonable to have a symmetric key be represented in the cnf claim with the jwk member as an unencrypted JSON Web Key?
Is such a possibility left as an exercise to the reader? Or should it be more explicitly allowed or disallowed?

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
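The rule the thread settles on (a symmetric key may appear unencrypted in the "jwk" member of the cnf claim only when the JWT is itself encrypted) turned into an issuer-side gate and a consumer-side structural check. This is an added example, not code from the thread, the draft, or any of its authors. It uses only the Python standard library; the function names, the minimal HS256 signing helper, the claim values and the random keys are all constructed here. The JWE case is represented structurally only (a five-segment token with an "enc" header and placeholder bytes, not real encryption), and the consumer check assumes signature verification and decryption are handled elsewhere.

```python
"""Checks for a symmetric proof-of-possession key carried in cnf.jwk."""
import base64
import hashlib
import hmac
import json
import os


def b64url_encode(data: bytes) -> str:
    # JOSE base64url: URL-safe alphabet with padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def symmetric_cnf(pop_key: bytes) -> dict:
    """Build a cnf claim whose jwk member is a bare (unencrypted) oct JWK."""
    return {"jwk": {"kty": "oct", "k": b64url_encode(pop_key)}}


def cnf_carries_bare_symmetric_key(claims: dict) -> bool:
    """True when cnf.jwk is a symmetric key in the clear (kty "oct" with "k")."""
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return False
    jwk = cnf.get("jwk")
    return isinstance(jwk, dict) and jwk.get("kty") == "oct" and "k" in jwk


def sign_hs256(claims: dict, mac_key: bytes) -> str:
    """Minimal HS256 JWS compact serialization (three segments)."""
    def seg(obj):
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = seg({"alg": "HS256", "typ": "JWT"}) + "." + seg(claims)
    tag = hmac.new(mac_key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def issue_pop_jwt(claims: dict, mac_key: bytes, will_encrypt: bool) -> str:
    """Issuer gate: a bare oct cnf.jwk may only leave the issuer inside a JWE.

    will_encrypt=True means the caller wraps the signed JWT in a JWE (that
    step is outside this example). With will_encrypt=False the signed JWT is
    readable by anyone who holds it, so the symmetric key would leak: refuse.
    """
    if cnf_carries_bare_symmetric_key(claims) and not will_encrypt:
        raise ValueError("bare symmetric cnf.jwk requires an encrypted JWT")
    return sign_hs256(claims, mac_key)


def compact_kind(token: str) -> str:
    """Classify a compact serialization: JWS (3 segments) or JWE (5 segments, 'enc')."""
    parts = token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    if len(parts) == 5 and "enc" in header:
        return "JWE"
    if len(parts) == 3 and "enc" not in header:
        return "JWS"
    raise ValueError("not a recognisable compact JWS or JWE")


def check_received_pop_jwt(token: str) -> str:
    """Consumer-side structural check; verification/decryption happen elsewhere."""
    if compact_kind(token) == "JWE":
        return "ok: JWE, an oct cnf.jwk inside the encrypted payload is acceptable"
    claims = json.loads(b64url_decode(token.split(".")[1]))
    if cnf_carries_bare_symmetric_key(claims):
        return "reject: symmetric cnf.jwk exposed in an unencrypted JWT"
    return "ok: JWS without a bare symmetric key in cnf"


# Constructed sample input (not from the thread): random PoP and issuer MAC keys.
POP_KEY = os.urandom(32)
ISSUER_MAC_KEY = os.urandom(32)
CLAIMS = {"iss": "https://as.example", "sub": "alice", "cnf": symmetric_cnf(POP_KEY)}

# Constructed JWE-shaped token: real header, placeholder segments (no encryption
# is performed); it only exercises the structural JWE path above.
FAKE_JWE = ".".join([
    b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM"}).encode()),
    "",  # empty encrypted-key segment, as with alg "dir"
    b64url_encode(os.urandom(12)),
    b64url_encode(os.urandom(48)),
    b64url_encode(os.urandom(16)),
])

if __name__ == "__main__":
    try:
        issue_pop_jwt(CLAIMS, ISSUER_MAC_KEY, will_encrypt=False)
    except ValueError as exc:
        print("issuer refused:", exc)
    print(check_received_pop_jwt(sign_hs256(CLAIMS, ISSUER_MAC_KEY)))
    print(check_received_pop_jwt(FAKE_JWE))
```

The issuer gate is the important half: once a signed-only JWT with a cleartext oct key has been handed out, no consumer-side check recovers the key's confidentiality, so the decision belongs where the token is minted.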