Hannes, Is carrying this directly in JSON better than carrying as a binary blob using the current PKCS#8 format?
I remain unconvinced that this is a true statement given the number of different ways that it can be messed up. Jim > -----Original Message----- > From: Hannes Tschofenig [mailto:[email protected]] > Sent: Friday, August 24, 2012 4:58 AM > To: Mike Jones > Cc: Jim Schaad; 'Harry Halpin'; [email protected] > Subject: Re: [jose] JOSE WG request from W3C WebCrypto API > > I had noticed the need for a mechanism to carry a privacy key in a JSON- > based format already with the work on the OAuth-HOTK document. > Without it I was only able to generate the public/private key pair on the client > and to make the public key available to the authorization server. With Mike's > new draft I can now off-load the expensive asymmetric key generation to > the server. > > I also know that this is not a mechanism that every use case would need and > hence it good that it is defined as a separate extension, as Mike did. > > On 08/23/2012 09:15 PM, Mike Jones wrote: > > The use cases come from the WebCrypto spec, which requires key > import/export, and one of the supported import/export formats is JWK. See > http://www.w3.org/2012/webcrypto/WebCryptoAPI/#KeyImporter- > interface, for instance. Search for "export" in the spec for other pertinent > sections. > > > > I'm not saying that the private key format necessarily needs to be part of > JWK itself. The right solution might very well be an optional supplemental > spec. > > > > But I do think that it would be a good thing for JOSE to try to be responsive > to the W3C's request in this regard. That why I created > http://tools.ietf.org/html/draft-jones-jose-json-private-key-00 to facilitate > concrete discussion of the possible solution space. > > > > Best wishes, > > -- Mike > > > > -----Original Message----- > > From: Jim Schaad [mailto:[email protected]] > > Sent: Saturday, August 18, 2012 3:32 AM > > To: Mike Jones; 'Harry Halpin' > > Cc: [email protected] > > Subject: RE: JOSE WG request from W3C WebCrypto API > > > > Mike, > > > > You have said that you think that doing this as JOSE structures would be > useful. It is not clear to me that there is actually a use case defined here that > bears that out. > > > > Who is responsible for building and encrypting (or decrypting and parsing) > the structure? Are we suggesting that the private keys be exported in the > clear and it is up to the JOSE developer to encrypt them or are we saying that > it is up to the WebCrypto system to do this on behalf of the JOSE developer? > > > > If we say it is the JOSE developer, then this introduces lots of places where > the private keys will be handled insecurely - if nothing else from just hanging > around in memory until they get cleaned up. > > > > If we say that it is the WebCrypto system that does this, then we are saying > that we don't really care what the format of the private key blobs is > internally, we just need to know how to deal with them from the scripting > side - which would be as a blob of some type (either a binary blob or a string > blob). > > > > Finally, how much do we want this to be a portable method of doing key > transport? All of the browsers currently have a method of doing an import > and export of an ASN.1 private key blob. What is the additional benefit that > you think would be obtained from the WebCrypto side from having a second > format that all of the browsers would need to support, but which might not > have the same level of support from various operating systems and key > devices? Would this then lead to scripters needing to have two different > sets of import/export code depending on what the internal structure was > and potentially needed to switch between the two structures? > > > > I think it makes sense to allow for the use of JOSE public keys since that is > being passed in the message structure itself. I don't believe that it makes a > great deal of sense at this point in time to have a private key structure > defined. > > > > Jim > > > > > >> -----Original Message----- > >> From: Mike Jones [mailto:[email protected]] > >> Sent: Thursday, August 16, 2012 8:49 AM > >> To: Harry Halpin; Jim Schaad; Karen O'Donoghue; > >> [email protected] > >> Cc: [email protected] > >> Subject: RE: JOSE WG request from W3C WebCrypto API > >> > >> Thanks for writing, Harry and WebCrypto WG. > >> > >> 1) About private keys, given the WebCrypto use case, I personally > >> think > > it > >> would be valuable for JOSE to define a JSON private key representation. > > To > >> make this concrete, I would propose the private key representations > >> specified in http://tools.ietf.org/html/draft-jones-jose-json-private-key. > >> You'll see that doing this is very simple; it just defines two > >> additional members for the JWK structure for representing the private > >> parts of > > Elliptic > >> Curve and RSA keys. This could either remain a separate spec from > >> JWK/JWA or be merged in, at the working group's preference. > >> > >> I had previously agreed with the position that it was not necessary > >> for > > JOSE > >> to define private key representations because we didn't have a use > >> case > > for > >> it. However, as I see it, the W3C WebCrypto API use case changes things. > >> Better for JOSE to be responsive to WebCrypto and add this simple > >> extension, either as a new spec or in the existing specs, than to > >> leave > > this > >> undone, and have it potentially be an area where otherwise standards- > >> compliant implementations diverge, and where JSON-only solutions are > >> not possible. > >> > >> Finally, I'll note that the JOSE charter > >> http://datatracker.ietf.org/wg/jose/charter/ does not preclude > >> defining private key formats. (It simply requires the definition of > >> public key > > formats > >> and is silent on the topic of private keys.) > >> > >> 2) I agree on the likely need for WebCrypto support ASN.1 for > >> backwards compatibility in some cases (just as the JOSE specs allow > >> the use of X.509 certificates). However, I believe it would be a > >> shame to preclude > > JSON-only > >> solutions by not supporting key import/export in JWK format, where > >> such solutions make sense. > >> > >> 3) It appears to me the JWK format is stable. I believe the JWS > >> format > > is > >> stable as well. The JWE format has known changes that will be > >> applied shortly, based upon working group discussions at IETF 84 in > >> Vancouver two weeks ago. Some JWA changes will occur that are part of > the JWE changes. > > I > >> don't anticipate significant changes after that. (Making these > >> changes is > > my > >> highest priority as JOSE editor. I'm hoping to have drafts out > >> containing > > them > >> by the end of August, which hopefully fits well with the WebCrypto > >> schedule.) I write all of the above with the caveat that the working > > group is, > >> of course, free to change things as they see fit. > >> > >> I look forward to a productive discussion of this coordination > >> request in > > both > >> working groups. > >> > >> Best wishes, > >> -- Mike > >> > >> P.S. If you prefer, a HTML-formatted version of the private key spec > >> is available at > >> http://self-issued.info/docs/draft-jones-jose-json-private- > >> key.html. I also blogged about this draft specification at > >> http://self- issued.info/?p=816. > >> > >> -----Original Message----- > >> From: Harry Halpin [mailto:[email protected]] > >> Sent: Sunday, August 12, 2012 8:03 AM > >> To: Jim Schaad; Karen O'Donoghue; [email protected]; Mike > >> Jones > >> Subject: JOSE WG request from W3C WebCrypto API > >> > >> [cc'ing Mike Jones and Richard Barnes, who participate inboth WGs] > >> > >> JOSE Chairs, > >> > >> The Web Cryptography Working group has noted that the API requires > >> some access to raw key material, and the issue of whether or not to > >> use JWK or > >> ASN.1 as the default format came up. Two issues have come out that > >> we'd like to know the answer to: > >> > >> 1) JWK does not define a private key format. Does the JOSE WG plan to > >> support a JOSE-format for private keys? If so, when? Or 'maybe'? > >> > >> 2) While we'd like encourage the use of JOSE over ASN.1, it seems > >> like > > for > >> backwards compatibility having some level of ASN.1 support would be > >> useful and we *need* a format that allows key material (both private > >> and > >> public) to be exported. Folks seem to leaning towards ASN.1 as a > >> default format in the low-level API, and having JWK as a format that > >> can be built > > on > >> top of that in a possible high-level API. Would that be OK? > >> > >> 3) How stable do you believe the JOSE formats are right now? Do > >> you > > think > >> they are stable enough now we can reference them in our API draft at > >> end > > of > >> August? If not, when? The W3C would like to and plan to use these > >> formats where possible. > >> > >> Feel free to forward this by JOSE WG for discussion. We'd like an > >> answer before we send our document to FPWD at end of August. > >> > >> cheers, > >> harry > >> > >> > > > > > > > > > > _______________________________________________ > > jose mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/jose > > _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
