Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

John Bradley <ve7jtb@ve7jtb.com> Tue, 16 September 2014 20:13 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <5418987E.1060307@bbn.com>
Date: Tue, 16 Sep 2014 17:12:56 -0300
Message-Id: <CFD36394-E707-4D51-9689-DD8B1FD320D5@ve7jtb.com>
References: <CAHbuEH4Ccn2Z=8kEECzvgjmtshwsFoa-EH_NpkJPos7zirGeaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AEC00DB@TK5EX14MBXC292.redmond.corp.microsoft.com> <5416FE10.3060608@bbn.com> <CAHBU6iu3GfsLCAint3z7risZUnVW4EK0WrGVW6Dv=gvppiHSxQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AECCCDD@TK5EX14MBXC292.redmond.corp.microsoft.com> <54173546.5000400@bbn.com> <CAHBU6ivb3BeEufcnJB+eSk8wgETMx+qzH3miE6Z1jtrQkXNR3w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AECE40B@TK5EX14MBXC292.redmond.corp.microsoft.com> <54184EBA.3010109@bbn.com> <4E1F6AAD24975D4BA5B16804296739439AED1727@TK5EX14MBXC292.redmond.corp.microsoft.com> <5418987E.1060307@bbn.com>
To: Stephen Kent <kent@bbn.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/vtCRY-qbv3yHTq36rQ1y0YSUCQg
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-jose-json-web-key.all@tools.ietf.org" <draft-ietf-jose-json-web-key.all@tools.ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Michael Jones <Michael.Jones@microsoft.com>, Tim Bray <tbray@textuality.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

It is the first case.

JOSE libraries are typically using the built-in JSON parsers in their environments at the moment. Not surprisingly, as the parsers are built in to most languages now.
It is those that don't reject duplicate members, not the JOSE libraries, as the parser makes all but one of the duplicates disappear in most, if not all, cases.

John B.

On Sep 16, 2014, at 5:07 PM, Stephen Kent <kent@bbn.com> wrote:

> Mike,
>> ...
>> 
>> JWK objects are already used in production to distribute public keys.  For instance, the keys for Salesforce’s identity services are in JWK format at https://login.salesforce.com/id/keys.  (Note that I’m not saying that just because the current specs are in use, that no changes are possible.)
>> if not that, what is the point of this comment?
>> 
>> The point of the comment was simply to answer your question “What is the existing software to which you and Tim refer…?”
> And I have not yet received an answer to that question, in terms I can understand.
> 
> Let me try again.
> 
> What is the impediment to requiring a receiver of a JWK object to reject the object if
> it contains more than one instance of a key? 
> 
> Is it a limitation of parsers that are completely independent of the JOSE work that defines
> the JWK objects, or is it the result of how folks have written code to parse such objects?
> 
> If the answer is the first clause, then I understand the reluctance to impose that requirement.
> 
> If the answer is the latter, then this is an argument based on early implementation
> of an IETF spec, and that is not a good reason to accommodate such sloppiness.
> 
> Steve
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
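The behaviour John describes above, a built-in JSON parser silently collapsing a repeated member so the JOSE layer never sees it, is easy to observe and easy to fix at the parser boundary. The following is an added example and is not code from the thread or from any JOSE library. It uses only the Python standard library; the JWK text is constructed for the demonstration (the "n" and "e" values are placeholders, not a real key) and the `DuplicateMemberError` and `parse_jwk_*` names are mine. Which duplicate survives in the lenient case is parser-dependent (Python's `json` keeps the last one), which is exactly why a receiver that wants to reject duplicates has to hook the parser rather than inspect the resulting object.

```python
import json

# Constructed sample JWK with "kid" present twice; the RSA member values are
# placeholders, not a real key. RFC 7159 says member names SHOULD be unique.
DUPLICATE_KID_JWK = (
    '{"kty":"RSA","kid":"key-a","use":"sig",'
    '"n":"AQAB","e":"AQAB","kid":"key-b"}'
)

# Same key material, no repeated member names.
CLEAN_JWK = '{"kty":"RSA","kid":"key-a","use":"sig","n":"AQAB","e":"AQAB"}'


class DuplicateMemberError(ValueError):
    """Raised when a JSON object contains the same member name more than once."""


def _reject_duplicates(pairs):
    # object_pairs_hook is handed every (name, value) pair the parser saw, in
    # document order and before they are collapsed into a dict, so repeated
    # names are still visible here. The hook is applied to nested objects too.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise DuplicateMemberError(f"duplicate member {name!r}")
        obj[name] = value
    return obj


def parse_jwk_lenient(text):
    """Default behaviour: json.loads keeps the last value for a repeated name."""
    return json.loads(text)


def parse_jwk_strict(text):
    """Fail closed: refuse the JWK if any object member name is repeated."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def strict_parse_outcome(text):
    """Return 'ok' or 'rejected' for the strict parser, for easy comparison."""
    try:
        parse_jwk_strict(text)
        return "ok"
    except DuplicateMemberError:
        return "rejected"


if __name__ == "__main__":
    # The lenient parse returns "key-b"; the first "kid" is gone without a trace.
    print(parse_jwk_lenient(DUPLICATE_KID_JWK)["kid"])
    print(strict_parse_outcome(DUPLICATE_KID_JWK))
    print(strict_parse_outcome(CLEAN_JWK))
```

The `object_pairs_hook` route works for any stdlib-based Python JOSE code without replacing the parser; in environments whose JSON parser offers no such hook, the receiver cannot distinguish a duplicated member from a single one after parsing, which is the limitation the thread is debating.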