No, it includes the key type, not the algorithm. It says this is an RSA key, not that this is an RSA key to be used with the RSA-PSS-with-SHA512 algorithm.

> -----Original Message-----
> From: Daniel Holth [mailto:[email protected]]
> Sent: Monday, April 14, 2014 1:51 PM
> To: Jim Schaad
> Cc: Mike Jones; jose
> Subject: Re: [jose] JSON Web Key (JWK) Thumbprint Specification
>
> The thumbprint includes the algorithm but not the usage restrictions.
> A practical certificate would certainly include "trusted for ..."
> constraints. Simply not having to store the kid since a substitute can be
> computed from the actual key material is advantage enough for me.
>
> On Mon, Apr 14, 2014 at 4:38 PM, Jim Schaad <[email protected]> wrote:
> > I would have problems with that if it did not come with additional
> > restrictions on the key that I might want to additionally state - such as
> > restricting the key to be used with specific algorithms or key usages.
> >
> >> -----Original Message-----
> >> From: Daniel Holth [mailto:[email protected]]
> >> Sent: Monday, April 14, 2014 1:39 PM
> >> To: Jim Schaad
> >> Cc: Mike Jones; jose
> >> Subject: Re: [jose] JSON Web Key (JWK) Thumbprint Specification
> >>
> >> For me the finger/thumbprint is something you could sign as part of
> >> an "I trust this key" assertion since it is a property of a specific
> >> key rather than an arbitrary association.
> >>
> >> On Mon, Apr 14, 2014 at 4:06 PM, Jim Schaad <[email protected]> wrote:
> >> > What are the practical benefits for this over using the kid parameter?
> >> >
> >> > Jim
> >> >
> >> > From: jose [mailto:[email protected]] On Behalf Of Mike Jones
> >> > Sent: Thursday, April 10, 2014 5:50 PM
> >> > To: [email protected]
> >> > Subject: [jose] JSON Web Key (JWK) Thumbprint Specification
> >> >
> >> > I created a new simple spec that defines a way to create a
> >> > thumbprint of an arbitrary key, based upon its JWK representation.
> >> > The abstract of the spec is:
> >> >
> >> > This specification defines a means of computing a thumbprint value
> >> > (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the x5t
> >> > (X.509 Certificate SHA-1 Thumbprint) value defined for X.509
> >> > certificate objects. This specification also registers the new JSON
> >> > Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters
> >> > and the new JSON Web Key (JWK) member name jkt (JWK SHA-256
> >> > Thumbprint) for holding these values.
> >> >
> >> > The desire for this came up in an OpenID Connect context, but it's
> >> > of general applicability, so I decided to submit the spec to the
> >> > JOSE working group. Thanks to James Manger, John Bradley, and Nat
> >> > Sakimura for the discussions that led up to this spec.
> >> >
> >> > The specification is available at:
> >> >
> >> > http://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-00
> >> >
> >> > An HTML formatted version is also available at:
> >> >
> >> > https://self-issued.info/docs/draft-jones-jose-jwk-thumbprint-00.html
> >> >
> >> > -- Mike
> >> >
> >> > P.S. I also posted this notice at http://self-issued.info/?p=1213
> >> > and as @selfissued.
> >> >
> >> > _______________________________________________
> >> > jose mailing list
> >> > [email protected]
> >> > https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
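
The point argued in this thread (the thumbprint is bound to the key type and key material, not to `alg` or usage members) can be checked with a short added example, which is not part of the original messages or of the draft. It assumes the computation rules later published as RFC 7638 (required members only, lexicographic order, no whitespace, SHA-256); the -00 draft under discussion may differ in detail, and the sample key and the `demo` helper are constructed for illustration.

```python
import base64
import hashlib
import json

# Required members per key type, as listed in RFC 7638 section 3.2.
REQUIRED = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}

def jwk_thumbprint(jwk):
    """Return the base64url SHA-256 thumbprint of a JWK (RFC 7638 rules)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED:
        raise ValueError(f"unsupported kty: {kty!r}")
    missing = [m for m in REQUIRED[kty] if m not in jwk]
    if missing:
        raise ValueError(f"missing required members: {missing}")
    # Keep only the required members; alg, use, key_ops and kid are dropped,
    # so they can never influence the digest.
    canonical = {m: jwk[m] for m in REQUIRED[kty]}
    # Lexicographic member order, no whitespace, UTF-8 encoded.
    data = json.dumps(canonical, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")
    digest = hashlib.sha256(data).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# Constructed sample key: "n" is a made-up string, not a real RSA modulus.
SAMPLE = {"kty": "RSA", "n": "q1w2e3r4t5y6u7i8o9p0_constructed_modulus", "e": "AQAB"}

def demo():
    """Thumbprints of the bare key, the key with restrictions, and another key."""
    base = jwk_thumbprint(SAMPLE)
    # PS512 is the JWA name for RSASSA-PSS using SHA-512.
    restricted = jwk_thumbprint({**SAMPLE, "alg": "PS512", "use": "sig", "kid": "k1"})
    other_key = jwk_thumbprint({**SAMPLE, "n": SAMPLE["n"] + "A"})
    return base, restricted, other_key

if __name__ == "__main__":
    base, restricted, other_key = demo()
    print("bare key:          ", base)
    print("with alg/use/kid:  ", restricted)
    print("different modulus: ", other_key)
```

Because `alg` and `use` never reach the hash input, a verifier that trusts a key by thumbprint alone has to carry any algorithm or usage restriction in a separate, authenticated statement.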
