Hi guys,

A recent release of the Nimbus JOSE+JWT library added support for the new JWK "key_ops" parameter and we put code in place to prevent people from constructing JWKs with both "use" and "key_ops".

I need help with interpreting the following sentence though:

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-25#section-3.2

```
[The "use" parameter] is not intended for use cases in which private or symmetric keys may also be present.
```

Is the meaning of "not intended" a SHOULD NOT or a MUST NOT contain private parts?

We make extensive use of RSA JWKs with private + public parts that have their use encoded in the "use" parameter, before the public part gets extracted and published to client apps (with the same "use" parameter of course). Justin's JWK generator also does that.

What is the rationale to want to limit "use" to public keys only?

Cheers,

Vladimir
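The workflow described in the message above, as an added example that is not part of the original post and is not Nimbus JOSE+JWT code: a private RSA JWK tagged with "use" is checked for the "use"/"key_ops" conflict, then reduced to its public half with "use" carried over unchanged. The function names, the `JWKError` class and the sample key are assumptions of this example; JWKs are handled as plain dictionaries.

```python
# Added example: JWKs are plain dicts here; no JOSE library is involved.
RSA_PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}
RSA_REQUIRED_PUBLIC = {"kty", "n", "e"}


class JWKError(ValueError):
    """Raised when a JWK fails one of the checks below (hypothetical name)."""


def is_private(jwk):
    """True if the RSA JWK carries any private-key member."""
    return bool(RSA_PRIVATE_MEMBERS & jwk.keys())


def check_usage_members(jwk):
    """Reject a JWK that carries both "use" and "key_ops"."""
    if "use" in jwk and "key_ops" in jwk:
        raise JWKError('JWK carries both "use" and "key_ops"')


def to_public_jwk(jwk):
    """Return the publishable half of an RSA JWK, keeping "use" unchanged."""
    check_usage_members(jwk)
    if jwk.get("kty") != "RSA":
        raise JWKError("only RSA JWKs are handled here")
    missing = RSA_REQUIRED_PUBLIC - jwk.keys()
    if missing:
        raise JWKError("missing public members: " + ", ".join(sorted(missing)))
    if "key_ops" in jwk and is_private(jwk):
        # "key_ops" on a private key lists private-key operations, so it
        # cannot be copied verbatim; only the "use" workflow is covered.
        raise JWKError('"key_ops" is not carried over by this example')
    return {k: v for k, v in jwk.items() if k not in RSA_PRIVATE_MEMBERS}


# Constructed sample: placeholder strings, not real key material.
SAMPLE_PRIVATE_JWK = {
    "kty": "RSA", "use": "sig", "kid": "example-key-1",
    "n": "constructed-modulus", "e": "AQAB",
    "d": "constructed-private-exponent",
    "p": "constructed-p", "q": "constructed-q",
    "dp": "constructed-dp", "dq": "constructed-dq", "qi": "constructed-qi",
}

if __name__ == "__main__":
    import json
    print(json.dumps(to_public_jwk(SAMPLE_PRIVATE_JWK), indent=2))
```
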
