Re: JWK attributes for WebCrypto keys: last call

On Mon, Dec 16, 2013 at 8:09 AM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  I strongly suggest that you reconsider using a different attribute such
> as “WebCrypto_uses”.  This will cause no conflicts and would allow you to
> use an array, saving the complexity of parsing.  The comma-separated thing
> is a gross hack.
>
>
>
> There’s also a risk of the “use” registrations being rejected by the
> Designated Experts on the ground of duplication if you insist on trying to
> register additional values with similar meanings “enconly” alongside “enc”,
> etc.  See
> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18#section-7 for
> the instructions to the Designated Experts.  (No, experts haven’t been
> appointed yet, so this is speculation, but for risk management purposes, I
> would say away from registration requests that might fall afoul of the
> Designated Experts, when they are appointed.)
>

I would suggest that if the Designated Experts feel that it's better to
create multiple fields for "use", in order to preserve special meaning of
JWK for JWE/JWS, rather than simply treat JWK as a key container format,
then WebCrypto would be better not using JWK at all, and using something
"JWK-like".

I'm not a fan of "forking standards" by any means, but to me, such a signal
by the DE (or by JOSE) is a sign that they only see JWK for use with
"their" specs, and this would make it clearly inappropriate for use with
WebCrypto as a suitable key container format (particularly since it does
not implement JWE/JWS)


>
>
> Maybe you can talk about using a different JWK member name on the call.
> (I can’t join it because of family functions at present.)
>
>
>
>                                                             -- Mike
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* Monday, December 16, 2013 7:51 AM
> *To:* Mike Jones
> *Cc:* Ryan Sleevi; GALINDO Virginie; public-webcrypto@w3.org
>
> *Subject:* Re: JWK attributes for WebCrypto keys: last call
>
>
>
>
>
>
>
> On Mon, Dec 16, 2013 at 7:44 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
> From my point of view, it would be a lot cleaner to use a different JWK
> identifier than “use”, such as “WebCrypto_uses” than to overload “use” with
> different, but related values.  It will hurt interoperation by creating
> keys that use a common identifier differently, and in a non-interoperable
> manner.  It would be far better to use a different identifier, which can be
> safely ignored by vanilla JWK implementations, rather than to overload the
> standard identifier, and potentially cause JWK implementations to reject
> the keys.
>
>
>
> This is what I originally proposed and there was strong push-back: See
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796
>
>
>
> Given that both the value space of "use" and the set of attributes are
> subject to extension through IANA, it's no clear why a JWK library would
> take a different approach to unrecognized "use" values that it does to
> unrecognized attributes.
>
>
>
> ...Mark
>
>
>
>
>
>
>
> Since “use” is OPTIONAL, WebCrypto could also specify that it not be used
> in a JWK when “WebCrypto_uses” is used, so that there’s no duplication of
> information.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* Monday, December 16, 2013 7:37 AM
> *To:* Ryan Sleevi
> *Cc:* GALINDO Virginie; public-webcrypto@w3.org; Mike Jones
> *Subject:* Re: JWK attributes for WebCrypto keys: last call
>
>
>
>
>
> Sent from my iPhone
>
>
> On Dec 16, 2013, at 7:32 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>  Were we not waiting to hear from JOSE?
>
>  We heard from them that it is ok / intended for others to register new
> use values for JWK and they have modified their specification accordingly.
>
>
>
> Separately, I have raised the question of whether we should change the
> comma-separated string format for multiple use values to an Array. On this
> there is no consensus yet, so we should stick with the format in the
> proposal and now in the Editor's Draft.
>
>
>
> ...Mark
>
>
>
>  On Dec 16, 2013 7:07 AM, "GALINDO Virginie" <Virginie.GALINDO@gemalto.com>
> wrote:
>
> Dear all,
>
> FYI, as there was no comment to this call, the text proposed by Mark has
> been integrated.
>
> Virginie
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* lundi 2 décembre 2013 17:32
> *To:* public-webcrypto@w3.org
> *Subject:* JWK attributes for WebCrypto keys: last call
>
>
>
> All,
>
>
>
> On our call today we discussed the proposal for this [1] which I revised
> as a result of the email/bug discussion (Comment 12 to [1]). There were no
> further comments on the call and have been no further comments on the list.
>
>
>
> We agreed to send a "last chance" email to the list (that is what this
> is). In the absence of comments we'll add this material to the editor's
> draft.
>
>
>
> ...Mark
>
>
>
> [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796
>
>
>  ------------------------------
>
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus
>
>
>