Re: [jose] xpo

Mike Jones Tue, 23 Oct 2012 01:34:35 -0700

Scoping would make sense if we anticipated there being many many key parameters 
in the future, such that future naming conflicts were likely.  In practice, 
there are all of eight key parameters defined at present ("alg", "crv", "x", 
"y", "mod", "xpo", "use", and "kid").  I've heard discussions of maybe one or 
two more that people might anticipate adding in the future (expiration time is 
the only one I can remember off the top of my head).  So at least within the 
next few years, the number might reach a dozen or so.  And we already have a 
registry defined that would avoid parameter conflicts.


Adding structure to avoid potential conflicts among at most a dozen or so 
parameter names seems like significant overkill.  In the spirit of keeping 
simple things simple, in practice, I'm sure that a flat structure will continue 
to work out just fine.

                                Cheers,
                                -- Mike

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Richard 
Barnes
Sent: Monday, October 22, 2012 1:52 PM
To: Manger, James H
Cc: [email protected]; [email protected]; [email protected]; 
[email protected]; [email protected]
Subject: Re: [jose] xpo


On Oct 19, 2012, at 3:18 AM, Manger, James H wrote:

> "exp" wouldn't clash if we used some JSON structure in a JWK. For instance, 
> separate the maths fields of the public key (n, e, ...) from the 
> administrative parts (key-id, certificate, usage...). Instead, JWK goes for a 
> flat bucket for all a key's info. Hence, we have potential problems with 
> clashes of names from quite separate domains. We should fix the structure, 
> instead of tinkering with the name.

Yes.  This.  

Most of this WG's problems arise from using flat buckets.  Flat buckets don't 
hold water :)

--Richard





>  
> --
> James Manger
>  
> From: [email protected] [mailto:[email protected]] On Behalf Of 
> [email protected]
> Sent: Friday, 19 October 2012 5:50 PM
> To: [email protected]
> Cc: [email protected]; [email protected]; [email protected]
> Subject: Re: [jose] xpo
>  
> I don't know why the exp in jwk needs to be changed. From a developer POW 
> there is no need. You always know which "exp" is the right one.
> I would reverse the change from exp to xpo. Developers don't need it and many 
> did not update their implementation to incorporate the exp->xpo transition.
>  
> Actually I don't care (much) how the parameters are named. Although I would 
> like to stick to the 3-letter scheme I am OK with the n,e proposal.
> But please stop making breaking changes (especially renaming parameters which 
> leads only to more work and no gain).
>  
> Case1: harm is already done -> stick with xpo and don't change AGAIN.
> Case2: Most implementation haven't changed yet -> revert to exp
> Case3: xpo is just stupid -> n,e is better -> another change -> Oh no -> 
> revert to exp
>  
> Again: I suggest to revert to exp and make the implementers happy.
>  
> Axel
>  
> Cc'ing Nat because I don't want to give away his developer's emails without 
> asking.
>  
>  
> From: [email protected] [mailto:[email protected]] On Behalf Of Brian 
> Campbell
> Sent: Wednesday, October 17, 2012 3:09 PM
> To: Vladimir Dzhuvinov / NimbusDS
> Cc: [email protected]
> Subject: Re: [jose] xpo
>  
> +1 (if a parameter name change is going to happen anyway)
> 
> On Wed, Oct 17, 2012 at 2:24 AM, Vladimir Dzhuvinov / NimbusDS 
> <[email protected]> wrote:
> +1
> 
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : [email protected]
> 
> 
> -------- Original Message --------
> Subject: Re: [jose] xpo
> From: Richard Barnes <[email protected]>
> Date: Wed, October 17, 2012 12:15 am
> To: "Manger, James H" <[email protected]>
> Cc: Mike Jones <[email protected]>, "[email protected]"
> <[email protected]>
> 
> 
> +1
> 
> On Oct 16, 2012, at 6:55 PM, Manger, James H wrote:
> 
> >> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-06
> >> * Changed the name of the JWK RSA exponent parameter from exp to xpo so as 
> >> to allow the potential use of the name exp for a future extension that 
> >> might define an expiration parameter for keys. (The exp name is already 
> >> used for this purpose in the JWT specification.)
> >
> > "n" and "e" would be better than "mod" and "xpo".
> > "n" and "e" are very widely used for the RSA modulus and public exponent.
> >
> > s^e = m mod n
> >
> > --
> > James Manger
> > _______________________________________________
> > jose mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>  
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Re: [jose] xpo

Reply via email to