- From: Mark Watson <watsonm@netflix.com>
- Date: Mon, 16 Dec 2013 07:50:50 -0800
- To: Mike Jones <Michael.Jones@microsoft.com>
- Cc: Ryan Sleevi <sleevi@google.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAEnTvdAOqXUAdGLuKtrL2cD+yWq0p5qeaVmvs8w8Xy576gJCAg@mail.gmail.com>
On Mon, Dec 16, 2013 at 7:44 AM, Mike Jones <Michael.Jones@microsoft.com>wrote: > From my point of view, it would be a lot cleaner to use a different JWK > identifier than “use”, such as “WebCrypto_uses” than to overload “use” with > different, but related values. It will hurt interoperation by creating > keys that use a common identifier differently, and in a non-interoperable > manner. It would be far better to use a different identifier, which can be > safely ignored by vanilla JWK implementations, rather than to overload the > standard identifier, and potentially cause JWK implementations to reject > the keys. > This is what I originally proposed and there was strong push-back: See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 Given that both the value space of "use" and the set of attributes are subject to extension through IANA, it's no clear why a JWK library would take a different approach to unrecognized "use" values that it does to unrecognized attributes. ...Mark > > > Since “use” is OPTIONAL, WebCrypto could also specify that it not be used > in a JWK when “WebCrypto_uses” is used, so that there’s no duplication of > information. > > > > -- Mike > > > > *From:* Mark Watson [mailto:watsonm@netflix.com] > *Sent:* Monday, December 16, 2013 7:37 AM > *To:* Ryan Sleevi > *Cc:* GALINDO Virginie; public-webcrypto@w3.org; Mike Jones > *Subject:* Re: JWK attributes for WebCrypto keys: last call > > > > > > Sent from my iPhone > > > On Dec 16, 2013, at 7:32 AM, Ryan Sleevi <sleevi@google.com> wrote: > > Were we not waiting to hear from JOSE? > > We heard from them that it is ok / intended for others to register new > use values for JWK and they have modified their specification accordingly. > > > > Separately, I have raised the question of whether we should change the > comma-separated string format for multiple use values to an Array. On this > there is no consensus yet, so we should stick with the format in the > proposal and now in the Editor's Draft. > > > > ...Mark > > > > On Dec 16, 2013 7:07 AM, "GALINDO Virginie" <Virginie.GALINDO@gemalto.com> > wrote: > > Dear all, > > FYI, as there was no comment to this call, the text proposed by Mark has > been integrated. > > Virginie > > > > *From:* Mark Watson [mailto:watsonm@netflix.com] > *Sent:* lundi 2 décembre 2013 17:32 > *To:* public-webcrypto@w3.org > *Subject:* JWK attributes for WebCrypto keys: last call > > > > All, > > > > On our call today we discussed the proposal for this [1] which I revised > as a result of the email/bug discussion (Comment 12 to [1]). There were no > further comments on the call and have been no further comments on the list. > > > > We agreed to send a "last chance" email to the list (that is what this > is). In the absence of comments we'll add this material to the editor's > draft. > > > > ...Mark > > > > [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 > > > ------------------------------ > > This message and any attachments are intended solely for the addressees > and may contain confidential information. Any unauthorized use or > disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus > >
Received on Monday, 16 December 2013 15:51:21 UTC