I agree with all of this wording except for the mandatory use of "cty". We
didn't discuss that at the interim. In many (most?) contexts, it's already
known that the value is a wrapped key, so there's no need to explicitly call it
out, any more than there is for other content types. I'm fine with including
wording that says that the content type *MAY* be used, however.
Thanks for taking a first crack at this wording, Richard.
-- Mike
From: [email protected] [mailto:[email protected]] On Behalf Of Richard Barnes
Sent: Friday, May 24, 2013 11:40 AM
To: [email protected]
Subject: [jose] Proposed text for wrapped keys
Dear JOSE,
At the interim, it seemed like there was agreement on key wrapping at least in
the case of wrapping a JWK-structured key (as opposed to a bare symmetric key).
Namely, we agreed to use JWE to wrap the JWK structure.
It seems to me that it would be prudent to add this recommendation as a section
in JWK. Since we're defining private key attributes, we should define in the
same document how to protect them.
"""
X. Wrapped Key Format
A wrapped key is a JWE object with a key as its payload, encoded as a
serialized JWK object. The "cty" attribute of a wrapped key MUST be set to the
JWK MIME type, "application/jwk+json". The processing of wrapped keys is
identical to normal JWE processing.
"""
Do people find that to be sufficient text to explain how to generate and
process wrapped keys (as JWK within JWE)?
Thanks,
--Richard
P.S. The astute reader will note that this text is adapted from
draft-barnes-jose-key-wrapping-01
<http://tools.ietf.org/html/draft-barnes-jose-key-wrapping-01#section-2>
This is not an accident. I'm proposing to first address the question of key
wrapping in general; then we can talk about whether we want to special-case
symmetric keys with no attributes.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose