Thanks for your review, Scott. I'm adding the working group to the thread so they're aware of your comments. Replies are inline below...
-----Original Message----- From: Scott Brim [mailto:scott.b...@gmail.com] Sent: Monday, September 29, 2014 2:08 PM To: gen-art; draft-ietf-jose-json-web-key....@tools.ietf.org Subject: gen-art telechat review of draft-ietf-jose-json-web-key-33 I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-jose-json-web-key-33 Reviewer: Scott Brim Review Date: 2014-09-28 IETF LC End Date: 2014-09-03 IESG Telechat date: 2014-10-02 Summary: ready with possible minor issues Major issues: Minor issues: More than once it is said that members that are not understood should or must be ignored. Wouldn't this depend on context? Couldn't there be uses of the data structure where a negative reply would be needed if something is not understood, so the sender can adapt? This language is present so that extensions carrying additional information can be added in a non-breaking fashion. You’re right that, in theory, a “must-understand” capability could be added for particular fields, as was done for JOSE header parameters in https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33#section-4.1.11, but in practice, no working group member has come forward saying they are aware of an application that needs this for key representations. Rather, the working group’s thoughts were that multiple keys would be present in a JWK Set, some of which might not be understood, but those that are understood would be used. This might be the case, for instance, when an entirely new key type (not RSA, Elliptic Curve, or Symmetric) is invented and added at some point in the future. Do you have a specific example in mind that requires a “must-understand” capability for key representations? In Section 4.3, you give the general principle that multiple unrelated key operations shouldn't be specified for a key, and give an example. Since this is a security issue of unknown magnitude (the future isn't here yet), what do you think of removing uncertainty by being more exhaustive in the principles and/or examples? This is a “SHOULD NOT” rather than a “MUST NOT” because there are existing use cases in which the same RSA key is used for both signing and encryption. I’m not an expert in the underlying cryptography, but it’s my understanding that this is quasi-OK for RSA because both RSA signatures and RSA encryption actually are based on an RSA encryption operation, and so what appears to be using a key being used for unrelated operations actually isn’t under the covers, in this particular case. However, if you want to supply additional proposed security considerations text on this issue (or possibly even better, cite pertinent security considerations text in an existing RFC that we could reference), that would be appreciated. Nits/editorial comments: ... Scott Thanks again, -- Mike
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art