On 2015-03-03 11:42, Mike Jones wrote:

I took a little time today and wrote a short draft specifying a JWS-like object that uses 
key management for the MAC key used to integrity protect the payload.  We had considered 
doing this in JOSE issue #2 <http://trac.tools.ietf.org/wg/jose/trac/ticket/2> but 
didn’t do so at the time because of lack of demand.  However, I wanted to get this down now 
to demonstrate that it is easy to do and specify a way to do it, should demand develop in 
the future – possibly after the JOSE working group 
<http://datatracker.ietf.org/wg/jose/charter/> has been closed.  See 
http://tools.ietf.org/html/draft-jones-jose-key-managed-json-web-signature-00 or 
http://self-issued.info/docs/draft-jones-jose-key-managed-json-web-signature-00.html.

This spec reuses key management functionality already present in the JWE spec 
<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption> and MAC 
functionality already present in the JWS spec 
<http://tools.ietf.org/html/draft-ietf-jose-json-web-signature>.  The result is 
essentially a JWS with an Encrypted Key value added, and a new “mac” Header Parameter value 
representing the MAC algorithm used. (Like JWE, the key management algorithm is carried in 
the “alg” Header Parameter value.)


I guess I'm stupid but I don't understand what this scheme brings to the table 
over what for example RSA signatures already provide.
A short rationale for us imbeciles would be nice to have :-)

Anders

I also wrote this now as possible input into our thinking on options for creating a 
CBOR <http://tools.ietf.org/html/rfc7049> JOSE mapping.  If there are CBOR use 
cases needing managed MAC keys, this could help us reason about ways to structure the 
solution.

Yes, the spec name and abbreviation are far from catchy.  Better naming ideas 
would be great.

Feedback welcomed.

-- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1344 and as @selfissued.



_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
