[OAUTH-WG] Potential uses of PoP keys in CBOR Web Tokens (CWTs)
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 12 June 2017 18:19 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 617ED12EB59 for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 11:19:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8kcwiISQXK2 for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 11:19:44 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A759D12EB5D for <oauth@ietf.org>; Mon, 12 Jun 2017 11:19:43 -0700 (PDT)
Received: from [192.168.91.196] ([80.92.114.129]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MVNWU-1dKyRV0oiE-00Yh9A; Mon, 12 Jun 2017 20:19:35 +0200
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Kepeng Li <kepeng.lkp@alibaba-inc.com>
Message-ID: <ad0a0942-a30a-3733-c294-447d9b767986@gmx.net>
Date: Mon, 12 Jun 2017 20:19:33 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:FqSW3HZNphTSWConvw4D227/mrnnYye0ibr2tUTwTcPRydE1rnE 1HjS5/KB2or11dR+ybyhOtNmhy4vuzgEeNYoUIwczi33QCMteCHDkNk2DYEykrEu08oOIAS tNLmQo1OpFnVR9aD4kJAQu7nMEXAd03jxXEHcm0TsUUU5C083fxVjUqcbC/rlN8smhnMcCR xaUobNDH+24Yf012xRPkA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:hZtWrMYdLks=:rndcX6s+1wF8ofxSqbFhvD L6U20qFVUV7yxgsglUJqkcParLncjieQjSSE1hkU5LHbjoNavwvSqpgOM77tqe6CkufQ9z9pS i6U36LQvntSF5O1j/8YlFRTqhP9BXqlx1Q94PFKmpLunFOmPPMX0JBUHDuZzmSCwlU+12I8vX 9SVwVlhMCk1hrZy+fRmRkeTVP0GezgzZ3GGcdaoJAR+OOvv1si3cUUbrwwlZBlULSlUrt7t+H KPm/qrdEMkPtjDdXP0U22uoOsf0tLFo8TSyxkh4Ldx0DXK1YD2PXQVVDQq2SxwMaRMM+xlxY3 888YEtd4gfQ+rawjNaymXsk3z+aUHBhM7iT6oaVWRsdJNot8F9ao7f5qnUy95qrpITSdc/zKM 5/x9b4+y63EH6bmuTgx7VIT2mEAZ1aY1P9gSGKWkgc+9gq6m8aE+mm/ASUfSHnAnHRiRbCqQh wDAeeOSZO5Q9KEw7fjFVb1ldqVGR0SIqlLJRLlos0MM5Ji53J8XGvF0DlLoOFUPGlrRtgBDS9 1lbrQMewJNkn0B01xf+8+UNQFX+Lv4Dq4FbK+yBdzcRYS4WTbkiuIFZR3BohYezHvcSrrb7Ts tXYk9hfXt3gLaof/5RlF6aq8zoS6nS/jr1D+X5mJZ3ZnvlEt6np35n3s0fEM+5v91g/FxHmib pPQoDQL45dPVT944tVAyD+mbYLuchXFEMzSRWdXJ2YxI9pW9a6dW6usvz+N6qrD9I9WOm7dqU LhJSnbozSOEs8ZsRPaqk4ZI1MaU08o57thWoRoKb4mv9Ma1Oe139w5CzG9W6IVNAMjnTDN9G/ Mh5b/2n
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/uwycGTVNBNp5jwLtVfbxMyl-fZ4>
Subject: [OAUTH-WG] Potential uses of PoP keys in CBOR Web Tokens (CWTs)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 18:19:48 -0000
Hi all, RFC 7800 defines how to communicate Proof of Possession (PoP) keys for JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT) draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of the JSON/JOSE JWT spec. The ACE working group is planning to also define a CBOR/COSE equivalent of RFC 7800 and is interested in knowing how you might use CBOR proof-of-possession keys for CWTs. Please drop us a message if you are using CBOR PoP keys for CWTs. We would like to learn more about your usage. Ciao Hannes & Kepeng
- [OAUTH-WG] Potential uses of PoP keys in CBOR Web… Hannes Tschofenig
- Re: [OAUTH-WG] Potential uses of PoP keys in CBOR… Nat Sakimura
- Re: [OAUTH-WG] [Ace] Potential uses of PoP keys i… John Bradley