Re: JOSE WG request

Mike is on vacation this week after IETF.

We did discuss private keys in JWK a while ago,  I don't think a compelling use case was identified at the time.
This might be one.

Especially for Encryption I would wait to November.   Signing is more stable but Richard likely has another opinion.  
Probably in a month or so I could give you a firmer answer on signing and JWK.

John B.

On 2012-08-10, at 5:40 PM, "Richard L. Barnes" <rbarnes@bbn.com> wrote:

> Seeing as Mike hasn't responded, I'll chime in here as another active JOSE participant.  (Wearing no hats, just an individual contributor.)
> 
>> Mike,
>> 
>> The Web Cryptography Working group has noted that the API requires some access to raw key material, and the issue of whether or not to use JWK or ASN.1 as the default format came up. Two issues have come out that we'd like to know the answer to:
>> 
>> 1) JWK does not define a private key format. Does the JOSE WG plan to support a JOSE-format for private keys? If so, when?
> 
> I don't think there's any current plans to do so, but if there's a requirement from WebCrypto, it seems like it could be done.
> 
> 
>> 2)  While we'd like encourage the use of JOSE over ASN.1, it seems like for backwards compatibility having some level of ASN.1 support would be useful and we *need* a format that allows key material (both private and public) to be exported. Folks seem to leaning towards ASN.1 as a default format in the low-level API, and having JWK as a format that can be built on top of that in a possible high-level API.  Would that be OK?
> 
> I'm not sure I had the same impression w.r.t. ASN.1 in this group.  It might be useful to look at precisely what types of objects need to have serializations in the WebCrypto API (beyond ArrayBuffers), and what representations the API should support.  
> 
> 
>> 3) How stable do you believe the JOSE formats are right now? Do you think they are stable enough now we can reference them in our API draft? If not, when?
> 
> Based on discussions at the recent IETF meeting, I think there's going to be some flux in the documents over the next couple of months.  I think things will be more stable by the November IETF meeting.
> 
> --Richard
> 
> 
> 

Received on Friday, 10 August 2012 22:04:55 UTC