I'm sorry, John, but by your logic, JOSE is not following your own advice. "enc" is already a multiple-use for a key - it allows for both encryption and decryption. For that matter, wrap and unwrap, which are supposed to be inferred based on algorithm, which is a JWE/JWS specific aspect, and not an intrinsic aspect of JWK-as-key-representation.
Likewise, "sig" implies sign AND verify, which is meant to be unambiguous, because the assumption is always that you sign with a private key and verify with a public key, but as a conceptual framework breaks down for schemes like HMAC, which ostensibly have sign and verify (or MAC and verify, if you prefer, but we're splitting hairs here). WebCrypto desires to be *more* precise than JOSE's imprecise and overly broad, implicitly multi-use syntax. That "enc" means four possible uses, or that "sig" means two , is a clear sign that JOSE is already actively encouraging multiple uses for the same key. Mike's proposal is basically an admission that the ship has sailed on this implicit, multi-valued usage semantic - which, I can understand and sympathize with, in the name of backwards compatibility for an in-draft spec, but let's recognize that as spec'd today, JOSE is preferring and encouraging multiple uses for the same key in ways that will unquestionably encourage people to make bad mistakes (such as multiple parties using the same encryption key for traffic in either direction - requiring some degree of IV sync) On Tue, December 24, 2013 4:27 pm, John Bradley wrote: > Having it be an array encourages multiple uses for the same key. I have > stated many times that encouraging people to do that is not a good idea, > and making it easy makes people think it is a good idea. > > You can use the single value field and have multiple entries with > different key containing the same or different keys to do the same thing. > > On the practical side "use_details" is better than creating crazy dot > separated como uses. > > John B. > > On Dec 24, 2013, at 8:26 PM, Mike Jones <[email protected]> > wrote: > > > Hi all, > > > > Having reflected upon discussions among WebCrypto and JOSE participants > > about JWK usage by WebCrypto over the holidays, Id like to propose the > > two JOSE spec actions to more closely coordinate with WebCrypto: > > > > 1. Change the JWA registry field name from Implementation > > Requirements to JOSE Implementation Requirements in the JSON Web > > Signature and Encryption Algorithms Registry > > (http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18#section-7.1). > > This will make it clearer that the Implementation Requirements apply > > only to JWS and JWE implementations and not other uses of JWK (such as > > WebCrypto). This changes only non-normative text and is non-breaking. > > > > 2. Define the new JWK field use_details for recording intended > > fine-grained key usage information. This would enable WebCrypto > > KeyUsage > > (https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#key-interface) > > values to be used directly with JWK. The proposed definition is: > > > > 3.3. "use_details" (Key Use Details) Parameter > > The "use_details" (key use details) member identifies fine-grained > > details the intended use of the key. Its value is an array of > > key use details values. Values defined by this specification are: > > > > o "sign" (compute signature or MAC) > > o "verify" (verify signature or MAC) > > o "encrypt" (encrypt content) > > o "decrypt" (decrypt content and verify decryption, if applicable) > > o "wrap" (encrypt key) > > o "unwrap" (decrypt key and verify decryption, if applicable) > > o "deriveKey" (derive key) > > o "deriveBits" (derive bits not to be used as a key) > > > > Other values MAY be used. Key Use Details values can be registered > > in the IANA JSON Web Key Use Details registry defined in Section 7.3. > > The use details values are case-sensitive strings. > > Duplicate use details values MUST NOT be present in the array. > > Use of the "use_details" member is OPTIONAL, unless the application > > requires use this member to record fine-grained key usage details. > > (Note that the "use_details" values intentionally match the > > "KeyUsage" > > values defined in the WebCrypto [WebCrypto] specification.) > > > > If both "use" and "use_details" JWK members are present, the usages > > specified by them MUST be consistent. In particular, the "use" value > > "sig" corresponds to "sign" and/or "verify". The "use" value > > "enc" corresponds to all other values defined above. > > If "use_details" values corresponding to both "sig" and "enc" > > "use" values are present, the "use" member SHOULD NOT be present, > > and if present, its value MUST NOT be either "sig" or "enc". > > > > This is a non-breaking change allowing simple applications that want > > to distinguish between signing and encryption operations to continue > > doing so as they do today, while also providing a multi-valued key usage > > details field to be used by applications that want to record > > fine-grained distinctions among potential key usages, including > > distinguishing between producer and consumer operations. > > > > As I see it, while having two related key usage representations isnt > > ideal, its far better than having WebCrypto overload use with > > multi-valued values encoded in strings, such as signOnly,verifyOnly, > > which I believe is their current plan of record. > > > > Comments? > > > > -- Mike > > > > P.S. This proposal was already discussed on the WebCrypto list in the > > thread > > http://lists.w3.org/Archives/Public/public-webcrypto/2013Dec/0052.html > > and no objections were raised there that Im aware of. > > > > _______________________________________________ > > jose mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/jose > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
