On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell <[email protected]> wrote:

> I like this change and think it will make it much more straightforward to
> consume the examples.
>
> One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for
> RSA Private Keys" [1] it says that all the members (excepting "oth") are
> required for private keys.
>
> However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d"
> (Private Exponent) Parameter part of the private portion.
>
> Can we relax/change JWA to say something like "d" is always required and
> either all of others (with the caveat for "oth") are required to be there
> together or that they all need to be omitted?
>
> The Private Exponent is all that's functionally needed, right? And the
> rest are optimizations? I honestly don't know much (okay anything) about
> CRT vs plain old RSA keys. But it seems like there are cases where it'd be
> totally reasonable to have just the "d" - and the examples in JWS and JWE
> seem to make that point.
>

Yes. This change should be made. Technically, only the modulus (n) and
private exponent (d) are required.

So the requirement levels for a private key would be:

n, d: MUST
e: SHOULD (so that you can derive the corresponding public key)
p,q,dp,dq,qi: MAY (since these are all optimizations)

--Richard

>
> [1]
> http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2
> [2]
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4
> [3]
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1
>
>
> On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <[email protected]> wrote:
>
>> FYI – this was done in the -12 drafts.
>>
>> -- Mike
>>
>> From: Mike Jones [mailto:[email protected]]
>> Sent: Friday, June 21, 2013 8:58 AM
>> To: Matt Miller (mamille2); Richard Barnes
>> Cc: Jim Schaad; [email protected]; [email protected]
>> Subject: RE: [jose] Keys in the documents
>>
>> Will do.
>> ------------------------------
>>
>> From: Matt Miller (mamille2)
>> Sent: 6/21/2013 6:06 AM
>> To: Richard Barnes
>> Cc: Jim Schaad; [email protected]; [email protected]
>> Subject: Re: [jose] Keys in the documents
>>
>> +1
>>
>> On Jun 20, 2013, at 8:48 PM, Richard Barnes <[email protected]> wrote:
>>
>> > +1
>> >
>> > On Thursday, June 20, 2013, Jim Schaad wrote:
>> >
>> >> Is there any reason not to provide the public and private keys in the
>> >> appendixes as JWK objects?
>> >> This would make them easier to understand and
>> >> put them into a format that one expects to be understood by JOSE systems.
>> >>
>> >> Jim
>> >>
>>
>> - m&m
>>
>> Matt Miller < [email protected] >
>> Cisco Systems, Inc.
>>
>> _______________________________________________
>> jose mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/jose
>>
>
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
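
An added example, not part of the original thread or of any JOSE draft: a Python check that applies the requirement levels proposed above (n, d MUST; e SHOULD; CRT members optional, and all-or-none as the quoted message suggests) and shows that the d-only path and the CRT path give the same result. The function names and the toy key (primes 61 and 53, textbook RSA without padding) are constructed for illustration.

```python
import base64

CRT_MEMBERS = ("p", "q", "dp", "dq", "qi")

def b64u_to_int(s):
    """Decode an unpadded base64url JWK value to an integer."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def int_to_b64u(i):
    raw = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_rsa_private_jwk(jwk):
    """Return (errors, warnings) for the requirement levels proposed in the thread."""
    errors = [f"missing {m} (MUST)" for m in ("n", "d") if m not in jwk]
    warnings = []
    if "e" not in jwk:
        warnings.append("missing e (SHOULD): public key cannot be derived")
    present = [m for m in CRT_MEMBERS if m in jwk]
    if present and len(present) != len(CRT_MEMBERS):
        # All-or-nothing rule as suggested in the quoted message.
        errors.append("CRT members must be all present or all omitted")
    return errors, warnings

def private_op(jwk, c):
    """Textbook RSA private operation; takes the CRT path only if all five members exist."""
    if all(m in jwk for m in CRT_MEMBERS):
        p, q, dp, dq, qi = (b64u_to_int(jwk[m]) for m in CRT_MEMBERS)
        m1, m2 = pow(c, dp, p), pow(c, dq, q)
        return m2 + q * ((qi * (m1 - m2)) % p)
    return pow(c, b64u_to_int(jwk["d"]), b64u_to_int(jwk["n"]))

def make_toy_jwk(with_crt):
    """Constructed sample key from toy primes; far too small for real use."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    jwk = {"kty": "RSA", "n": int_to_b64u(p * q), "e": int_to_b64u(e), "d": int_to_b64u(d)}
    if with_crt:
        crt = {"p": p, "q": q, "dp": d % (p - 1), "dq": d % (q - 1), "qi": pow(q, -1, p)}
        jwk.update({k: int_to_b64u(v) for k, v in crt.items()})
    return jwk

if __name__ == "__main__":
    c = pow(65, 17, 61 * 53)  # constructed ciphertext of the message 65
    for jwk in (make_toy_jwk(False), make_toy_jwk(True)):
        print(sorted(jwk), check_rsa_private_jwk(jwk), private_op(jwk, c))
```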
