Re: JWK attributes for WebCrypto keys: last call

On Mon, Dec 16, 2013 at 7:44 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:

>  From my point of view, it would be a lot cleaner to use a different JWK
> identifier than “use”, such as “WebCrypto_uses” than to overload “use” with
> different, but related values.  It will hurt interoperation by creating
> keys that use a common identifier differently, and in a non-interoperable
> manner.  It would be far better to use a different identifier, which can be
> safely ignored by vanilla JWK implementations, rather than to overload the
> standard identifier, and potentially cause JWK implementations to reject
> the keys.
>

Mike,

Respectfully, this makes no sense to me.

I could understand your argument if the basis was that it hurt
interoperability with JWE/JWS libraries, but that's not the argument you
made - you suggested it hurts interoperability with "vanilla JWK
implementations". There is, I believe, an inherent assumption that "vanilla
JWK implementations" == "JWE and JWE", but I don't think that's the case at
all, nor do I think that's a fair sign for the JOSE efforts if that is
believed to be the case.

If JWK is meant to be a key descriptor/key container format, for use in a
variety of specifications (including JWE and JWS, but also WebCrypto), then
supporting extensions to "use" per the relevant specifications seems
absolutely the correct approach. However, if your view is that JWK is
"really" only meant for JWE/JWK, and everything else should either extend
JWE/JWS or define custom attributes, well, then I think this WG is making a
mistake by attaching to JWK, since it's clear that is not the authors'
intent.

Cheers


>
>
> Since “use” is OPTIONAL, WebCrypto could also specify that it not be used
> in a JWK when “WebCrypto_uses” is used, so that there’s no duplication of
> information.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* Monday, December 16, 2013 7:37 AM
> *To:* Ryan Sleevi
> *Cc:* GALINDO Virginie; public-webcrypto@w3.org; Mike Jones
> *Subject:* Re: JWK attributes for WebCrypto keys: last call
>
>
>
>
>
> Sent from my iPhone
>
>
> On Dec 16, 2013, at 7:32 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>  Were we not waiting to hear from JOSE?
>
>  We heard from them that it is ok / intended for others to register new
> use values for JWK and they have modified their specification accordingly.
>
>
>
> Separately, I have raised the question of whether we should change the
> comma-separated string format for multiple use values to an Array. On this
> there is no consensus yet, so we should stick with the format in the
> proposal and now in the Editor's Draft.
>
>
>
> ...Mark
>
>
>
>  On Dec 16, 2013 7:07 AM, "GALINDO Virginie" <Virginie.GALINDO@gemalto.com>
> wrote:
>
> Dear all,
>
> FYI, as there was no comment to this call, the text proposed by Mark has
> been integrated.
>
> Virginie
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* lundi 2 décembre 2013 17:32
> *To:* public-webcrypto@w3.org
> *Subject:* JWK attributes for WebCrypto keys: last call
>
>
>
> All,
>
>
>
> On our call today we discussed the proposal for this [1] which I revised
> as a result of the email/bug discussion (Comment 12 to [1]). There were no
> further comments on the call and have been no further comments on the list.
>
>
>
> We agreed to send a "last chance" email to the list (that is what this
> is). In the absence of comments we'll add this material to the editor's
> draft.
>
>
>
> ...Mark
>
>
>
> [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796
>
>
>

Received on Monday, 16 December 2013 16:11:33 UTC