Re: [secdir] Secdir review of draft-ietf-jose-json-web-signature-31

Mike Jones <Michael.Jones@microsoft.com> Mon, 22 September 2014 19:20 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Tero Kivinen <kivinen@iki.fi>
Thread-Topic: Secdir review of draft-ietf-jose-json-web-signature-31
Date: Mon, 22 Sep 2014 19:19:32 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BA6811A@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <21512.21725.209461.976375@fireball.kivinen.iki.fi> <4E1F6AAD24975D4BA5B16804296739439AEABA21@TK5EX14MBXC292.redmond.corp.microsoft.com> <21528.638.485017.482257@fireball.kivinen.iki.fi> <4E1F6AAD24975D4BA5B16804296739439BA5A04D@TK5EX14MBXC286.redmond.corp.microsoft.com> <21536.10026.506235.155913@fireball.kivinen.iki.fi>
In-Reply-To: <21536.10026.506235.155913@fireball.kivinen.iki.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/NjOB0d_YOUY-ag5C0OadxwHzGwE
Cc: "jose@ietf.org" <jose@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-jose-json-web-signature.all@tools.ietf.org" <draft-ietf-jose-json-web-signature.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-jose-json-web-signature-31
List-Id: Security Area Directorate <secdir.ietf.org>

>> For your point "4) Thumbprint formats" if you or someone else wants to 
>> define an additional thumbprint format for use in IoT contexts (or any 
>> other contexts), I encourage you to write an Internet Draft that does 
>> so, registering the new header parameter defined in the JSON Web 
>> Signature and Encryption Header Parameters registry.
>
> That can of course be done, but I would have hoped the initial version of the specification would also be usable in the IoT context, where the use of raw public keys will most likely arise.

If what you want is a thumbprint over a raw key, see the individual submission draft https://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-01, which defines a method for doing this.  The -01 version incorporates working group feedback from Toronto.  In Toronto, I'd asked whether the working group wanted to adopt it as a working group draft and a decision hasn't been made on that yet.  If this would be useful for IoT applications, that would be good to know.

				-- Mike
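The thumbprint method the message above points to (draft-jones-jose-jwk-thumbprint) was later published as RFC 7638. The following is an added example, not text from this email, from the draft, or from any JOSE implementation; it implements the thumbprint computation as RFC 7638 specifies it (required members only, lexicographically ordered, no whitespace, SHA-256, base64url without padding). Whether every detail of the -01 draft matched the final RFC is an assumption here, and the key values are constructed for illustration rather than real keys.

```python
"""JWK thumbprint computation following RFC 7638 (added example, constructed keys)."""
import base64
import hashlib
import json

# Members that determine the key itself, per key type (RFC 7638 section 3.2).
# Metadata such as "kid", "use", "alg" and certificate chains is deliberately
# excluded: it can change without the key changing, so it must not affect the
# thumbprint.  Private members ("d", "p", "q", ...) are excluded as well, so a
# private JWK and its public counterpart share one thumbprint.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}


def b64url(data: bytes) -> str:
    """base64url without padding, as JOSE uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_input(jwk: dict) -> str:
    """Build the exact byte-for-byte string that gets hashed.

    Two implementations only agree on a thumbprint if they serialise this
    subset identically: sorted member names, no whitespace, UTF-8.
    """
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    subset = {}
    for name in REQUIRED_MEMBERS[kty]:
        if name not in jwk:
            raise ValueError(f"{kty} key is missing required member {name!r}")
        subset[name] = jwk[name]
    return json.dumps(subset, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """Return base64url(hash(canonical_input(jwk))); SHA-256 is the default."""
    digest = hashlib.new(hash_name, canonical_input(jwk).encode("utf-8")).digest()
    return b64url(digest)


# Constructed sample keys (placeholder coordinate/modulus values, not real keys).
EC_PUBLIC = {
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate",
    "y": "constructed-y-coordinate",
}
# Same key, different member order, extra metadata and a private scalar: the
# thumbprint must be identical, which is what makes it usable as a stable "kid".
EC_PRIVATE_WITH_METADATA = {
    "use": "sig",
    "kid": "2014-09-22-example",
    "y": "constructed-y-coordinate",
    "x": "constructed-x-coordinate",
    "d": "constructed-private-scalar",
    "crv": "P-256",
    "kty": "EC",
}
EC_OTHER = {
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate",
    "y": "different-y-coordinate",
}


def demo() -> dict:
    """Show the canonical input and the thumbprint for the constructed keys."""
    return {
        "canonical": canonical_input(EC_PUBLIC),
        "public": jwk_thumbprint(EC_PUBLIC),
        "private_with_metadata": jwk_thumbprint(EC_PRIVATE_WITH_METADATA),
        "other": jwk_thumbprint(EC_OTHER),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design choice worth noticing for a raw-key or IoT deployment is that the thumbprint is bound only to the required members, so a device can be identified by the hash of its public key regardless of how the JWK is later annotated; the caveat is that any disagreement in canonicalisation (member order, whitespace, escaping) silently produces a different identifier, so the serialisation step is the part to test against a peer implementation.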