-14 now describes which RSA key parameters are there to enable optimizations, 
and states that their presence is RECOMMENDED, and that if any are present, all 
must be present (yes, with special language for the case of 3 or more prime 
factors).

                                                            -- Mike

From: Richard Barnes [mailto:[email protected]]
Sent: Tuesday, July 16, 2013 4:21 PM
To: Brian Campbell
Cc: Mike Jones; Matt Miller (mamille2); Jim Schaad; [email protected]
Subject: Re: [jose] Keys in the documents

On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell <[email protected]> wrote:
I like this change and think it will make it much more straightforward to 
consume the examples.
One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for RSA 
Private Keys" [1] it says that all the members (excepting "oth") are required 
for private keys.
However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d" 
(Private Exponent) Parameter part of the private portion.
Can we relax/change JWA to say something like "d" is always required and either 
all of the others (with the caveat for "oth") are required to be there together or 
that they all need to be omitted?
The Private Exponent is all that's functionally needed, right? And the rest are 
optimizations? I honestly don't know much (okay anything) about CRT vs plain 
old RSA keys. But it seems like there are cases where it'd be totally 
reasonable to have just the "d" - and the examples in JWS and JWE seem to make 
that point.

Yes.  This change should be made.  Technically, only the modulus (n) and 
private exponent (d) are required.  So the requirement levels for a private key 
would be:
n, d: MUST
e: SHOULD (so that you can derive the corresponding public key)
p,q,dp,dq,qi: MAY (since these are all optimizations)

--Richard


[1] 
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2
[2] 
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4
[3] 
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1

On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <[email protected]> wrote:
FYI - this was done in the -12 drafts.

                                                            -- Mike

From: Mike Jones [mailto:[email protected]]
Sent: Friday, June 21, 2013 8:58 AM
To: Matt Miller (mamille2); Richard Barnes

Cc: Jim Schaad; [email protected]; [email protected]
Subject: RE: [jose] Keys in the documents

Will do.
________________________________
From: Matt Miller (mamille2)
Sent: 6/21/2013 6:06 AM
To: Richard Barnes
Cc: Jim Schaad; [email protected]; [email protected]
Subject: Re: [jose] Keys in the documents

+1

On Jun 20, 2013, at 8:48 PM, Richard Barnes <[email protected]> wrote:

> +1
>
> On Thursday, June 20, 2013, Jim Schaad wrote:
>
>> Is there any reason not to provide the public and private keys in the
>> appendixes as JWK objects?  This would make them easier to understand and
>> put them into a format that one expects to be understood by JOSE systems.
>>
>> Jim
>>

- m&m

Matt Miller <[email protected]>
Cisco Systems, Inc.

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
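
The presence rule discussed in this thread (n and d required; p, q, dp, dq, qi either all present or all absent) can be checked mechanically. The following is an added example, not code from the thread or from the JOSE drafts: the function names and the toy key are constructed for illustration, the value consistency checks go beyond the presence rule the thread states, and multi-prime keys ("oth") are skipped by those checks.

```python
import base64

CRT = ("p", "q", "dp", "dq", "qi")  # the optimization-only members

def enc(i):
    """Integer -> unpadded base64url of its big-endian bytes (JWK encoding)."""
    raw = i.to_bytes((i.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def dec(s):
    """Unpadded base64url -> integer."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def check_private_jwk(jwk):
    """Return a list of problems; an empty list means the key passes."""
    problems = [f"missing {m}" for m in ("n", "d") if m not in jwk]
    have = [m for m in CRT if m in jwk]
    if have and len(have) < len(CRT):
        problems.append("partial CRT set, missing " + ",".join(m for m in CRT if m not in jwk))
    if problems or not have or "oth" in jwk:
        return problems  # value checks below cover two-prime keys only
    n, d = dec(jwk["n"]), dec(jwk["d"])
    p, q, dp, dq, qi = (dec(jwk[m]) for m in CRT)
    if min(p, q) < 2 or p * q != n:
        return ["p*q != n"]
    if dp != d % (p - 1) or dq != d % (q - 1):
        problems.append("dp/dq do not match d")
    if qi * q % p != 1:
        problems.append("qi is not q^-1 mod p")
    return problems

def private_op(jwk, c):
    """Compute c^d mod n, using the CRT members only when all are present."""
    if not all(m in jwk for m in CRT):
        return pow(c, dec(jwk["d"]), dec(jwk["n"]))
    p, q, dp, dq, qi = (dec(jwk[m]) for m in CRT)
    m1, m2 = pow(c, dp, p), pow(c, dq, q)
    return m2 + q * (qi * (m1 - m2) % p)  # Garner recombination

# Constructed toy key (p=61, q=53); far too small for real use.
P, Q, E, D = 61, 53, 17, 2753
D_ONLY = {"kty": "RSA", "n": enc(P * Q), "e": enc(E), "d": enc(D)}
FULL = dict(D_ONLY, p=enc(P), q=enc(Q), dp=enc(D % (P - 1)),
            dq=enc(D % (Q - 1)), qi=enc(pow(Q, -1, P)))
PARTIAL = {k: v for k, v in FULL.items() if k != "qi"}
```

The d-only key and the full key give the same result from `private_op`, and the partial key is rejected by `check_private_jwk` rather than silently used.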


