Looks good to me. Thanks.
On Tue, Jul 30, 2013 at 11:08 AM, Mike Jones <[email protected]> wrote:

> -14 now describes which RSA key parameters are there to enable
> optimizations, and states that their presence is RECOMMENDED, and that if
> any are present, all must be present (yes, with special language for the
> case of 3 or more prime factors).
>
> -- Mike
>
> *From:* Richard Barnes [mailto:[email protected] <[email protected]>]
> *Sent:* Tuesday, July 16, 2013 4:21 PM
> *To:* Brian Campbell
> *Cc:* Mike Jones; Matt Miller (mamille2); Jim Schaad; [email protected]
> *Subject:* Re: [jose] Keys in the documents
>
> On Tue, Jul 16, 2013 at 4:40 PM, Brian Campbell <[email protected]> wrote:
>
> I like this change and think it will make it much more straightforward
> to consume the examples.
>
> One thing I noticed though, in Section 5.3.2 of JWA "JWK Parameters for
> RSA Private Keys" [1] it says that all the members (excepting "oth") are
> required for private keys.
>
> However the example JWK RSA keys in JWE [2] and JWS [3] only have the "d"
> (Private Exponent) Parameter part of the private portion.
>
> Can we relax/change JWA to say something like "d" is always required and
> either all of others (with the caveat for "oth") are required to be there
> together or that they all need to be omitted?
>
> The Private Exponent is all that's functionally needed, right? And the
> rest are optimizations? I honestly don't know much (okay anything) about
> CRT vs plain old RSA keys. But it seems like there are cases where it'd be
> totally reasonable to have just the "d" - and the examples in JWS and JWE
> seem to make that point.
>
> Yes. This change should be made. Technically, only the modulus (n) and
> private exponent (d) are required. So the requirement levels for a private
> key would be:
>
> n, d: MUST
>
> e: SHOULD (so that you can derive the corresponding public key)
>
> p,q,dp,dq,qi: MAY (since these are all optimizations)
>
> --Richard
>
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-13#section-5.3.2
> [2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-13#appendix-A.1.4
> [3] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-13#appendix-A.2.1
>
> On Sun, Jul 14, 2013 at 3:03 PM, Mike Jones <[email protected]> wrote:
>
> FYI – this was done in the -12 drafts.
>
> -- Mike
>
> *From:* Mike Jones [mailto:[email protected]]
> *Sent:* Friday, June 21, 2013 8:58 AM
> *To:* Matt Miller (mamille2); Richard Barnes
> *Cc:* Jim Schaad; [email protected]; [email protected]
> *Subject:* RE: [jose] Keys in the documents
>
> Will do.
> ------------------------------
>
> *From:* Matt Miller (mamille2)
> *Sent:* 6/21/2013 6:06 AM
> *To:* Richard Barnes
> *Cc:* Jim Schaad; [email protected]; [email protected]
> *Subject:* Re: [jose] Keys in the documents
>
> +1
>
> On Jun 20, 2013, at 8:48 PM, Richard Barnes <[email protected]> wrote:
>
> > +1
> >
> > On Thursday, June 20, 2013, Jim Schaad wrote:
> >
> >> Is there any reason not to provide the public and private keys in the
> >> appendixes as JWK objects? This would make them easier to understand and
> >> put them into a format that one expects to be understood by JOSE systems.
> >>
> >> Jim
>
> - m&m
>
> Matt Miller < [email protected] >
> Cisco Systems, Inc.
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
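
The presence rule discussed in this thread (n and d always required, and p, q, dp, dq, qi either all present or all absent) can be checked when a private JWK is imported. The following is an added example, not part of the original messages or of the JOSE drafts. The function names and the toy key are constructed for illustration, the arithmetic consistency checks go one step beyond the presence rule, and multi-prime keys using "oth" are out of scope.

```python
import base64

CRT = ("p", "q", "dp", "dq", "qi")  # the optimization members named in the thread

def b64u_to_int(s):
    """Decode an unpadded base64url big-endian integer, as JWK encodes them."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def int_to_b64u(i):
    raw = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_rsa_private_jwk(jwk):
    """Return (errors, warnings) for a two-prime RSA private JWK (hypothetical helper)."""
    errors = [f"missing required member '{m}'" for m in ("n", "d") if m not in jwk]
    warnings = [] if "e" in jwk else ["no 'e': public key cannot be derived"]
    present = [m for m in CRT if m in jwk]
    if present and len(present) < len(CRT):
        missing = [m for m in CRT if m not in jwk]
        errors.append(f"partial CRT set, missing {missing}")
    if errors or not present:
        return errors, warnings
    # All CRT members present: confirm they describe the same key as n and d,
    # so the fast CRT path cannot silently use values that disagree with d.
    n, d, p, q, dp, dq, qi = (b64u_to_int(jwk[m]) for m in ("n", "d") + CRT)
    if p < 3 or q < 3:
        return ["p or q too small"], warnings
    if p * q != n:
        errors.append("p*q != n")
    if dp != d % (p - 1):
        errors.append("dp != d mod (p-1)")
    if dq != d % (q - 1):
        errors.append("dq != d mod (q-1)")
    if (qi * q) % p != 1:
        errors.append("qi is not q^-1 mod p")
    return errors, warnings

def toy_jwk():
    """Constructed sample key with textbook-sized primes; illustration only."""
    p, q, e, d = 61, 53, 17, 2753
    vals = {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qi": pow(q, -1, p)}
    return {"kty": "RSA", **{k: int_to_b64u(v) for k, v in vals.items()}}

if __name__ == "__main__":
    print(check_rsa_private_jwk(toy_jwk()))
```
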
