New versions of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS,
JWE, JWK, JWA, JWT) specifications have been released. These versions
incorporate the decisions made by the JOSE working
group<http://datatracker.ietf.org/wg/jose/> during and since IETF
84<http://www.ietf.org/meeting/84/>.
The primary change was revising the JWE format to always use AEAD encryption
algorithms. The companion change was defining two new composite AEAD
algorithms "A128CBC+HS256" and "A256CBC+HS512" that use AES CBC to perform
encryption and matching HMAC SHA-2 algorithms to perform an integrity check on
the ciphertext and the parameters used to create it.
Other than that, all changes were local in scope, with no changes to JWS -
other than changing the format of the "x5c" (X.509 Certificate Chain) from a
string containing a list of certificate values to an array of strings
containing certificate values. Likewise, the only changes to JWT were to track
changes made in the specs that it uses.
Having addressed all the open issues with resolutions with apparent working
group consensus, it's my hope that the working group will decide to send these
specifications to working group last call at IETF
85<http://www.ietf.org/meeting/85/>.
The companion JWS JSON Serialization and JWE JSON Serialization specs were also
updated.
The working group specifications are available at:
* http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-06
* http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06
* http://tools.ietf.org/html/draft-ietf-jose-json-web-key-06
* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-06
* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-04
The individual submission specifications are available at:
* http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-02
* http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-02
The document history entries (also in the specifications) are as follows:
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-06
* Changed x5c (X.509 Certificate Chain) representation from being a single
string to being an array of strings, each containing a single base64 encoded
DER certificate value, representing elements of the certificate chain.
* Applied changes made by the RFC Editor to RFC 6749's registry language to
this specification.
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06
* Removed the int and kdf parameters and defined the new composite AEAD
algorithms A128CBC+HS256 and A256CBC+HS512 to replace the former uses of AES
CBC, which required the use of separate integrity and key derivation functions.
* Included additional values in the Concat KDF calculation -- the desired
output size and the algorithm value, and optionally PartyUInfo and PartyVInfo
values. Added the optional header parameters apu (agreement PartyUInfo), apv
(agreement PartyVInfo), epu (encryption PartyUInfo), and epv (encryption
PartyVInfo). Updated the KDF examples accordingly.
* Promoted Initialization Vector from being a header parameter to being a
top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the
Initialization Vector out of the header also avoids repeating this shared value
in the JSON serialization.
* Changed x5c (X.509 Certificate Chain) representation from being a single
string to being an array of strings, each containing a single base64 encoded
DER certificate value, representing elements of the certificate chain.
* Added an AES Key Wrap example.
* Reordered the encryption steps so CMK creation is first, when required.
* Correct statements in examples about which algorithms produce
reproducible results.
http://tools.ietf.org/html/draft-ietf-jose-json-web-key-06
* Changed the name of the JWK RSA exponent parameter from exp to xpo so as
to allow the potential use of the name exp for a future extension that might
define an expiration parameter for keys. (The exp name is already used for this
purpose in the JWT specification.)
* Clarify that the alg (algorithm family) member is REQUIRED.
* Correct an instance of "JWK" that should have been "JWK Set".
* Applied changes made by the RFC Editor to RFC 6749's registry language to
this specification.
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-06
* Removed the int and kdf parameters and defined the new composite AEAD
algorithms A128CBC+HS256 and A256CBC+HS512 to replace the former uses of AES
CBC, which required the use of separate integrity and key derivation functions.
* Included additional values in the Concat KDF calculation -- the desired
output size and the algorithm value, and optionally PartyUInfo and PartyVInfo
values. Added the optional header parameters apu (agreement PartyUInfo), apv
(agreement PartyVInfo), epu (encryption PartyUInfo), and epv (encryption
PartyVInfo).
* Changed the name of the JWK RSA exponent parameter from exp to xpo so as
to allow the potential use of the name exp for a future extension that might
define an expiration parameter for keys. (The exp name is already used for this
purpose in the JWT specification.)
* Applied changes made by the RFC Editor to RFC 6749's registry language to
this specification.
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-04
* Promoted Initialization Vector from being a header parameter to being a
top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the
Initialization Vector out of the header also avoids repeating this shared value
in the JSON serialization.
* Applied changes made by the RFC Editor to RFC 6749's registry language to
this specification.
* Reference RFC 6755 -- An IETF URN Sub-Namespace for OAuth.
http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-02
* Changed to use an array of structures for per-recipient values, rather
than a set of parallel arrays.
http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-02
* Changed to use an array of structures for per-recipient values, rather
than a set of parallel arrays.
* Promoted Initialization Vector from being a header parameter to being a
top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the
Initialization Vector out of the header also avoids repeating this shared value
in the JSON serialization.
HTML formatted versions are available at:
* http://self-issued.info/docs/draft-ietf-jose-json-web-signature-06.html
*
http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-06.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-key-06.html
*
http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-06.html
* http://self-issued.info/docs/draft-ietf-oauth-json-web-token-04.html
*
http://self-issued.info/docs/draft-jones-jose-jws-json-serialization-02.html
*
http://self-issued.info/docs/draft-jones-jose-jwe-json-serialization-02.html
-- Mike
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
