Re: FW: JOSE -19 drafts intended for Working Group Last Call from Ryan Sleevi on 2013-12-29 (public-webcrypto@w3.org from December 2013)

From: Ryan Sleevi <sleevi@google.com>
Date: Sun, 29 Dec 2013 12:04:47 -0800
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: public-webcrypto@w3.org
Message-ID: <CACvaWvZyftj98zEnLyD6wwg4nAyT6qg=k47CKNO43z1VYAy=jg@mail.gmail.com>
Thanks for the quick work, Mike.

It does seem that there is still active discussion in JOSE on this, with
Richard Barnes offering a very compelling counter proposal. Individually, I
still have concerns that this introduces something "gross" (as far as spec
taste and ambiguity goes), but if JOSE is inflexible on backwards
compatibility, a path forward. I think Richard's would be a much cleaner
solution, but I'll try to keep that discussion centered in JOSE.

This would be a very important time for WrbCrypto contributors, consumers,
and implementors to raise points with JOSE if we want to actually see a
round peg fit the round hole, rather than trying to shove a square peg
through. Please do contribute to the discussions in the IETF.
On Dec 29, 2013 11:57 AM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

>  FYI, the “use_details” JSON Web Key (JWK) field, which directly uses the
> WebCrypto KeyUsage array values, is now in the JWK spec.  See
> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-19#section-3.3.
> And as also previously discussed, the “Implementation Requirements”
> algorithm registry fields have been renamed to “JOSE Implementation
> Requirements” to make it clear that these requirements apply only to JWS
> and JWE implementations – not to all uses of the algorithms.  See
> http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-19#section-7.1
> .
>
>
>
> I believe that together, these changes unblock any issues for WebCrypto to
> directly use JWK.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* jose [mailto:jose-bounces@ietf.org] *On Behalf Of *Mike Jones
> *Sent:* Sunday, December 29, 2013 4:49 AM
> *To:* jose@ietf.org
> *Cc:* Sean Turner
> *Subject:* [jose] JOSE -19 drafts intended for Working Group Last Call
>
>
>
> JSON Object Signing and Encryption (JOSE) -19 drafts have been published
> that address all my remaining to-do items for the open issues.  I believe
> the remainder of the issues are either ready to close because of actions
> already taken in the drafts (the majority of them), require further input
> to identify any specific remaining proposed actions, if any (a few of
> them), or will be considered during Working Group Last Call (a few of
> them).  Only editorial changes and one addition were made – no breaking
> changes.
>
>
>
> In short, I believe I have addressed everything needed to bring us to
> Working Group Last Call for the JWS, JWE, JWK, and JWA specs.  (Chairs and
> Sean, please let me know whether you agree or whether you believe anything
> else remains to be done before WGLC.)
>
>
>
> The one addition was to add the optional “use_details” JWK field, as
> discussed on the JOSE list and the WebCrypto list.  While I realize that
> this proposal hasn’t gotten much review yet (I believe due to the
> holidays), I wanted to get it in so people can review it in context, and as
> a concrete step towards meeting a perceived need for additional JWK
> functionality from the WebCrypto working group.  It’s cleanly separable
> from the rest of the spec, so if the JOSE WG ends up hating it, we can
> always take it back out and possibly move it to a separate spec.  But at
> least we have a concrete write-up of it now to review.
>
>
>
> I also made a one-paragraph change to the JSON Web Token (JWT) spec to
> reference text in JWE, rather than duplicating it in JWT.
>
>
>
> See the History entries for details of the (small number of) changes made.
>
>
>
> The drafts are available at:
>
> ·        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-19
>
> ·        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-19
>
> ·        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-19
>
> ·        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-19
>
> ·        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-14
>
>
>
> HTML formatted versions are also available at:
>
> ·
> http://self-issued.info/docs/draft-ietf-jose-json-web-signature-19.html
>
> ·
> http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-19.html
>
> ·        http://self-issued.info/docs/draft-ietf-jose-json-web-key-19.html
>
> ·
> http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-19.html
>
> ·
> http://self-issued.info/docs/draft-ietf-oauth-json-web-token-14.html
>
>
>
>                                                             -- Mike
>
>
>
Received on Sunday, 29 December 2013 20:05:16 UTC