Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to Proposed Standard
Mike Jones <Michael.Jones@microsoft.com> Tue, 03 May 2022 14:04 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Manger, James" <James.H.Manger=40team.telstra.com@dmarc.ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
CC: "draft-ietf-oauth-jwk-thumbprint-uri@ietf.org" <draft-ietf-oauth-jwk-thumbprint-uri@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Co9FfkUOZzaMxH0oxG1k_XL4s-o>

Hi James. Thanks for your review.

While ni: could have been used, ni: conveys nothing about what the hash is of. Whereas urn:ietf:params:oauth:jwk-thumbprint says that the hash is a JWK thumbprint. At least for the use cases we anticipate, this additional specificity adds value.

-- Mike

From: last-call <last-call-bounces@ietf.org> On Behalf Of Manger, James
Sent: Tuesday, April 26, 2022 9:26 AM
To: last-call@ietf.org
Cc: draft-ietf-oauth-jwk-thumbprint-uri@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
Subject: Re: [Last-Call] [OAUTH-WG] Last Call: <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to Proposed Standard

draft-ietf-oauth-jwk-thumbprint-uri-01 uses labels from the Named Information IANA registry <https://www.iana.org/assignments/named-information/named-information.xhtml> to create URIs from hashes, but then why doesn't it just use the RFC that created that registry and already defines a way to format hashes as URIs [RFC 6920 Naming Things with Hashes <https://www.rfc-editor.org/rfc/rfc6920.html>]?

For a JSON object representing a JWK whose SHA-256 hash (base64url-encoded) is NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs:

* RFC6920 defines the URI: ni:///sha-256;NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
* draft-ietf-oauth-jwk-thumbprint-uri-01 defines the URI: urn:ietf:params:oauth:jwk-thumbprint:sha-256:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs

-- James Manger

From: OAuth <oauth-bounces@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Date: Tuesday, 26 April 2022 at 7:17 am
To: IETF-Announce <ietf-announce@ietf.org>
Cc: draft-ietf-oauth-jwk-thumbprint-uri@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> (JWK Thumbprint URI) to Proposed Standard

The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document:

- 'JWK Thumbprint URI' <draft-ietf-oauth-jwk-thumbprint-uri-01.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2022-05-09. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

This specification registers a kind of URI that represents a JSON Web Key (JWK) Thumbprint value. JWK Thumbprints are defined in RFC 7638. This enables JWK Thumbprints to be used, for instance, as key identifiers in contexts requiring URIs.

The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-oauth-jwk-thumbprint-uri/

No IPR declarations have been submitted directly on this I-D.
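
The two URI forms compared in this thread, as an added example that is not part of the original messages or of the draft: it computes an RFC 7638 thumbprint, formats it both ways, and parses the urn: form back so a consumer can reject anything that is not labelled as a JWK thumbprint. The function names are hypothetical, the sample JWK is constructed (placeholder coordinates, not a real key), and only sha-256 is handled.

```python
import base64, hashlib, hmac, json

# Required members per key type (RFC 7638, section 3.2)
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}
HASHES = {"sha-256": "sha256"}  # Named Information label -> hashlib name
URN_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint:"

# Constructed sample: x/y are placeholders, kid/use are ignored by the thumbprint
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "demo", "use": "sig",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}

def jwk_thumbprint(jwk, hash_label="sha-256"):
    """base64url(hash(canonical JSON of the required members only))."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    # Lexicographic member order, no whitespace, UTF-8
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":")).encode("utf-8")
    digest = hashlib.new(HASHES[hash_label], canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def thumbprint_urn(jwk, hash_label="sha-256"):
    """Form from draft-ietf-oauth-jwk-thumbprint-uri: says the hash is a JWK thumbprint."""
    return f"{URN_PREFIX}{hash_label}:{jwk_thumbprint(jwk, hash_label)}"

def ni_uri(jwk, hash_label="sha-256"):
    """Form from RFC 6920: same label and digest, nothing about what was hashed."""
    return f"ni:///{hash_label};{jwk_thumbprint(jwk, hash_label)}"

def parse_thumbprint_urn(uri):
    """Return (hash_label, thumbprint); raise ValueError for any other URI shape."""
    if not uri.startswith(URN_PREFIX):
        raise ValueError("not a JWK Thumbprint URI")
    label, sep, value = uri[len(URN_PREFIX):].partition(":")
    if not sep or label not in HASHES:
        raise ValueError("missing or unsupported hash label")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    if len(raw) != hashlib.new(HASHES[label]).digest_size:
        raise ValueError("digest length does not match hash label")
    return label, value

def matches(uri, jwk):
    """True when the URI identifies this key; recomputes with the URI's hash label."""
    label, value = parse_thumbprint_urn(uri)
    return hmac.compare_digest(value, jwk_thumbprint(jwk, label))
```
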