[secdir] JOSE -33 and JWT -27 drafts addressing Stephen Kent's JWK comments

Mike Jones <Michael.Jones@microsoft.com> Fri, 26 September 2014 06:50 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09FE01A1A4C; Thu, 25 Sep 2014 23:50:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nSN1aal4CLOd; Thu, 25 Sep 2014 23:50:27 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0148.outbound.protection.outlook.com [207.46.100.148]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C02C1A1A4B; Thu, 25 Sep 2014 23:50:27 -0700 (PDT)
Received: from BN3PR0301CA0030.namprd03.prod.outlook.com (25.160.180.168) by BY1PR0301MB1206.namprd03.prod.outlook.com (25.161.203.155) with Microsoft SMTP Server (TLS) id 15.0.1039.15; Fri, 26 Sep 2014 06:50:26 +0000
Received: from BL2FFO11FD042.protection.gbl (2a01:111:f400:7c09::124) by BN3PR0301CA0030.outlook.office365.com (2a01:111:e400:4000::40) with Microsoft SMTP Server (TLS) id 15.0.1039.15 via Frontend Transport; Fri, 26 Sep 2014 06:50:25 +0000
Received: from mail.microsoft.com (131.107.125.37) by BL2FFO11FD042.mail.protection.outlook.com (10.173.161.138) with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Fri, 26 Sep 2014 06:50:24 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.23]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.03.0195.002; Fri, 26 Sep 2014 06:50:03 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: JOSE -33 and JWT -27 drafts addressing Stephen Kent's JWK comments
Thread-Index: Ac/ZVhaqqi9ajrUwS1qjChsAUf1zkg==
Date: Fri, 26 Sep 2014 06:50:03 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BA7DCD8@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.33]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BA7DCD8TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(199003)(189002)(90102001)(107046002)(86612001)(20776003)(229853001)(69596002)(74502003)(74662003)(46102003)(92726001)(2351001)(64706001)(86362001)(512954002)(92566001)(19300405004)(104016003)(68736004)(66066001)(99396003)(83322001)(19617315012)(81542003)(71186001)(81342003)(77982003)(85852003)(83072002)(80022003)(79102003)(110136001)(77096002)(44976005)(95666004)(54356999)(15202345003)(50986999)(85306004)(10300001)(76482002)(31966008)(4396001)(120916001)(84326002)(19580395003)(97736003)(2656002)(21056001)(81156004)(2501002)(87936001)(33656002)(55846006)(15975445006)(16236675004)(19625215002)(106466001)(16297215004)(85806002)(6806004)(84676001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1206; H:mail.microsoft.com; FPR:; MLV:sfv; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1206;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03468CBA43
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/lT6BmAC6oDjcF51n72vQvV9pl9g
Cc: Barry Leiba <barryleiba@computer.org>, "'ietf@ietf.org'" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] JOSE -33 and JWT -27 drafts addressing Stephen Kent's JWK comments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2014 06:50:30 -0000

Updated JOSE and JWT drafts have been published that address JSON Web Key (JWK) secdir review comments by Stephen Kent that were inadvertently not addressed in the previous versions.  Most of the changes were to the JWK draft.  A few changes also had to be made across the other drafts to keep them in sync.  I also added acknowledgements to several additional contributors.  No breaking changes were made.

The specifications are available at:

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-33

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-33

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-33

*        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27

Differences since the previous drafts can be viewed at:

*        http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-signature-33

*        http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-encryption-33

*        http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-key-33

*        http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-algorithms-33

*        http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-27

HTML formatted versions are available at:

*        http://self-issued.info/docs/draft-ietf-jose-json-web-signature-33.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-33.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-key-33.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-33.html

*        http://self-issued.info/docs/draft-ietf-oauth-json-web-token-27.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1286 and as @selfissued.