Do there need to be any requirements for JWK to carry algorithms?
From: Mike Jones [mailto:[email protected]]
Sent: Monday, January 13, 2014 10:18 AM
To: Jim Schaad
Cc: [email protected]
Subject: RE: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms for JWK

I'm having trouble finding the message you're referring to with the choices. Maybe you could resend it?

I think the choices we're discussing here are to:
(1) Change the name of "Implementation Requirements" to "JOSE Implementation Requirements" (already done)
(2) Change the names of all of "Required", "Optional", "Recommended", and "Prohibited".
(3) Change just the name of "Prohibited".

(1) is straightforward and further clarified things. (2) would be consistent, but seems unnecessarily verbose. (3) would be inconsistent.

Answering your first question, I believe that if we rewrite any of the names, I believe that, yes, we need to rewrite all of them, for consistency purposes.

I'm pretty sure I don't understand your second question. What do you mean by "the keying only algorithm"?

-- Mike

From: Jim Schaad [mailto:[email protected]]
Sent: Thursday, December 19, 2013 11:44 AM
To: Mike Jones; 'Richard Barnes'; 'Karen ODonoghue'
Cc: [email protected]
Subject: RE: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms for JWK

Mike,

I had offered a number of possibilities, do you see the same rewrite for all of them?

If we do the JOSE Implementation Requirements, what does this mean in terms of what you would do for the keying only algorithms?

Jim

From: jose [mailto:[email protected]] On Behalf Of Mike Jones
Sent: Thursday, December 19, 2013 12:02 AM
To: Richard Barnes; Karen ODonoghue
Cc: [email protected]
Subject: Re: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms for JWK

I guess my problem with changing "Prohibited" to "Prohibited for JWS and JWE" is that then to be parallel we'd need to change "Required" to one of "Required for JWS", "Required for JWE", or "Required for JWS and JWE", depending upon context, change "Recommended"., change "Optional"., change "Deprecated"., etc. It wouldn't change the meaning at all and it would add a lot of unnecessary verbal clutter. This wouldn't just affect "Prohibited".

I'd much rather handle this a different way, and change the registry field name from "Implementation Requirements" to "JOSE Implementation Requirements", rather than qualifying every registry field value in a complicated way - that is, if people really believe that a change would be an improvement.

-- Mike

From: jose [mailto:[email protected]] On Behalf Of Richard Barnes
Sent: Wednesday, December 18, 2013 3:42 PM
To: Karen ODonoghue
Cc: [email protected]
Subject: Re: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms for JWK

I'm with Jim and Karen on this one.

On Wed, Dec 18, 2013 at 4:42 PM, Karen O'Donoghue <[email protected]> wrote:

True, but, is there any harm in making the term clearer as well? I don't see one...

Karen

On 12/13/13 11:53 PM, Mike Jones wrote:

The meaning of "Prohibited" is already clear. http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18#section-7.1.1 says:

Any identifiers registered for non-authenticated encryption algorithms or other algorithms that are otherwise unsuitable for direct use as JWS or JWE algorithms must be registered as "Prohibited".

I don't think a change is needed.

-- Mike

From: jose [mailto:[email protected]] On Behalf Of Mark Watson
Sent: Friday, December 13, 2013 5:43 PM
To: Jim Schaad
Cc: [email protected]
Subject: Re: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms for JWK

Yes, I think it would be clearer to change or qualify the term. "JWK only" or "Key Transport Only" or "Prohibited for JWE/JWS" could all work.

FYI, the WebCrypto registrations are not in the Editor's Draft at https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html, though there remains the question of whether we could register an Array format instead of a string for JWK, as per my earlier mail (comments please!).

...Mark

On Fri, Dec 13, 2013 at 5:00 PM, Jim Schaad <[email protected]> wrote:

Minor question before I close this bug.

Is there any sentiment to use a term that is not quite as "nasty" as "Prohibited" in the registration record? Specifically something along the lines of "Key Transport Only".

Jim

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
