[OAUTH-WG] draft-ietf-oauth-pop-key-distribution

Mészáros Mihály <misi@niif.hu> Fri, 03 February 2017 14:54 UTC

Return-Path: <misi@niif.hu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 37144129DBB for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2017 06:54:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.091
X-Spam-Status: No, score=-3.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOCALPART_IN_SUBJECT=1.107, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id r_GJMitf_4sQ for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2017 06:54:02 -0800 (PST)
Received: from linzer.ki.iif.hu (linzer.ki.iif.hu []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CD2A129DB9 for <oauth@ietf.org>; Fri, 3 Feb 2017 06:53:58 -0800 (PST)
Received: from cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu []) by linzer.ki.iif.hu (Postfix) with ESMTP id 6BCE74060C4; Fri, 3 Feb 2017 15:53:56 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at cirkusz.lvs.iif.hu
Received: from linzer.ki.iif.hu ([IPv6:::ffff:]) by cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu [::ffff:]) (amavisd-new, port 10024) with ESMTP id I1O6vKKN5xAT; Fri, 3 Feb 2017 15:53:55 +0100 (CET)
Received: from [IPv6:2001:738:0:401:8476:a736:d2fd:5b66] (unknown [IPv6:2001:738:0:401:8476:a736:d2fd:5b66]) by linzer.ki.iif.hu (Postfix) with ESMTPSA id 362FD4060C2; Fri, 3 Feb 2017 15:53:55 +0100 (CET)
To: draft-ietf-oauth-pop-key-distribution@tools.ietf.org, oauth@ietf.org
From: Mészáros Mihály <misi@niif.hu>
Message-ID: <3e63d207-409a-21b7-decd-fcf60f693038@niif.hu>
Date: Fri, 03 Feb 2017 15:53:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------9C0E438C963D7244AE8414D1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/wrrf3p9NahxV0h6v3xVa3rlyA5U>
Subject: [OAUTH-WG] draft-ietf-oauth-pop-key-distribution
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2017 14:54:04 -0000


Your draft says in

	The 'key' parameter either contains a plain JWK structure or a JWK encrypted with a JWE.

But not mentioning that plain JWK is base64url encoded.

In the same section in the example in Figure2:


That is == base64 encoded '{"alg":"RSA1_5'

So "key" is not a plain JWK JSON, but base64 encoded (plain JWK).

So it is confusing for me..

Please confirm that it is missed to state in the draft but you meant
that the plain JWK is in base64 encoded format.

The 'key' parameter either contains a plain _/bas64url encoded/_ JWK structure or a JWK encrypted with a JWE.

Many Thanks,