I have not had time to go through the database after the drafts have come
out. I did this when I was trying to get an agenda worked up so it has my
ideas of current states.
I would like to review the key draft issues that Mike and I have not gone
through and see if there are any big controversies.
Jim
JSON ALGORITHMS
28 AES-GCM should not be allowed for content encryption in combination
with Direct Encryption key management mode
FIXED
33 Move reference to appendix A for table cross-referencing to section 1
REVIEW - WONT FIX
39 Zip algorithms should be registered in the algorithms registry
FIXED
52 Require that RSA key parameters use minimum number of octets
FIXED
53 Use "SEC1" format for elliptic curve keys
FIXED
54 epk/apu/apv need to be REQUIRED
WON'T FIX
55 Mandatory entropy in ECC KDF inputs
FIXED
56 Remove restatements of algorithms from JWA
63 PBES2 process does not explain how "p2s" is applied
IETF 88 - Vancouver
FIXED
126 Use JWA terms for inputs/outputs
127 Section 3. Cryptographic Algorithms for JWS
128 Section 3.1. "alg" (Algorithm) Header Parameter Values for JWS
129 Section 3.2 MAC with HMAC SHA-2 Functions
134 Section 4.1 "alg" (Algorithm) Header Parameter Values for JWE
135 Separate key management and content encryption algorithms to separate
top level sections
136 Section 4.4 Key Encryption with OAEP
FIXED
137 Section 4.6 Direct Encryption with a Shared Symmetric Key
138 Section 4.7 ECDH-ES
141 Section 4.7.2 Concat should have its own section
A, F, 8 FIXED
B, C static-static
D Postponed
E, 7 WON'T FIX
147 Section 4.10.2 - Algorithm and examples
150 Section 5.2.1 JWK Parameters for Elliptic Curve Public Keys
151 Section 5.2.1.1 "crv" (Curve) Parameter
FIXED
152 Section 5.3.2 JWK Parameters for RSA Private Keys
154 Section 6.1. JSON Web Signature and Encryption Algorithm Registry
WONT FIX - see #103
155 Section 6.1.1 Template
157 Section 6.2.1 Registration Template
158 Section 7. Security Considerations
160 Section 7.1 Reusing Key Material when Encrypting Keys
161 7.2 Password Considerations
163 Appendix A. Algorithm Identifier Cross reference
A - FIXED
B - WONT FIX
183 Use table to associate sizes of keys, hashes, other algorithms
JSON ENCRYPTION
60 State components of JWS and JWE components explicitly
61 State processing rules in terms of components
62 State serializations in terms of components
165 Section 2. Terminology
166 Section 3. JSON Web Encryption (JWE) Overview
167 Section 4. JWE Header
168 Section 4.1 Reserved Header Parameter Names
FIXED
See Issue #99
169 Section 4.1.1 "alg" (Algorithm) Header Parameter
FIXED
170 Section 4.1.2 "enc" (Encryption Method) Header Parameter
A - WONT FIX
B - Make separate issue?
C, D - OK
171 Section 4.1.3 "zip" (Compression Algorithm) Header Parameter
WONT FIX
B - WONT FIX
172 Section 4.1.6 - "x5u" (X.509 URL) Header Parameter
FIXED
173 Section 4.1.7 - "x5t" (X.509 Certificate Thumbprint) Header Parameter
FIXED
174 Section 5.1 Message Encryption
175 Section 5.2. Message Decryption
176 Section 7 - Serializations
177 Section 7.1 JWE Compact Serialization
178 Section 7.2 JWE JSON Serialization
179 Section 8 Distinguishing between JWS and JWE objects
180 Section 10. Security considerations
181 Examples
JSON KEY
41 Add key wrap to the "use" member in key containers
FIXED
42 Should alg be required for symmetric keys?
FIXED
43 Delete sentence that is redundant
FIXED
47 Registration template missing a check
FIXED
51 Change "cty" requirement for encrypted JWK to "MUST unless"
FIXED
67 Expansion of terms in the document
FIXED
68 Section 3 - JSON Web Key (JWK) Format
*** Check with Mika about what is not editorial
69 Section 3.1 - "kty" (Key Type) Parameter
*** Looks editorial to me
70 Review of 2119 Language
HARD REWRITE
71 Section 3.2 - "use" (Key Use) Parameter
A - FIXED
B - Open new item in broader context
72 Section 3.3 - "alg" (Algorithm) Parameter
73 Section 3.4 - "kid" (Key ID) Parameter
74 Section 3.5 - "x5u" (X.509 URL) Header Parameter
76 Section 3.6 - "x5t" (X.509 Certificate Thumbprint) Header Parameter
A & C FIXED
B Pending text from Jim
77 Section 3.7 "x5c" (X.509 Certificate Chain) Parameter
78 Section 4. JSON Web Key Set (JWK Set) Format
79 Validation of JWK objects and JWK sets
80 Section 4.1 "keys" (JSON Web Key Set) Parameter
FIXED
81 Section 5. String Comparison Rules
82 Section 6. Encrypted JWK and Encrypted JWK Set Format
Push to list
83 Section 7. IANA Considerations
84 Section 7.1 JSON Web Key Parameters Registry
B - FIXED
85 Section 7.1.1. Registration Template
D FIXED
Follow up with Matt
86 Section 7.2. JSON Web Key Set Parameters Registry
87 Section 7.2.1. Registration Template
88 Section 7.4.1 - Media Type Registry Contents
A, C WONT FIX
89 Section 8. Security Considerations
90 Section 9 References
JSON SIGNATURE
18 Address MAC key lifetime concerns
FIXED
25 Detached content for the ALTO use case
Send Mike Text
36 Algorithm "none" should be removed
FIXED
50 "cty" (content type) should hold a media type
???? - on item - ????
57 Move common elements to a section in JWS
58 Remove repeated, ephemeral, or obvious terminology
59 Allow direct signing and align with AAD
Carry over
93 Appendix - How to find a key
Put to list - call?
94 Using Mathematics and Equations promotes readability
95 Use of proper JSON terminology
97 Section 2 - Terminology
98 Section 3.1 - Example JWS
99 Section 4 - JWS Header
FIXED
102 Section 4.1.1. "alg" (Algorithm) Header Parameter
103 Rename "alg" to avoid future collision problems
WONT FIX
104 Section 4.1.2 "jku" (JWK Set URL) Header Parameter
FIXED
105 Section 4.1.3 "jwk" (JSON Web Key) Header Parameter
FIXED - see #104
106 Section 4.1.4 "x5u" (X.509 URL) Header Parameter
FIXED - A & B
107 Section 4.1.5 "x5t" (X.509 Certificate Thumbprint) Header Parameter
A, B, D WONT FIX
C FIXED see #104
E FIXED
108 Section 4.1.6 "x5c" (X.509 Certificate Chain) Header Parameter
110 Section 4.1.7 "kid" (Key ID) Header Parameter
111 Section 4.1.8 "typ" (Type) Header Parameter
112 Section 4.1.9 "cty" (Content Type) Header Parameter
114 Section 4.1.10 "crit" (Critical) Header Parameter
115 Section 5.1. Message Signing or MACin
116 Section 5.2. Message Signature or MAC Validation
117 Section 5.3. String Comparison Rules
118 Section 6. Key Identification
119 Section 7. Serializations
PUT TO LIST - Call
120 Section 7.1. JWS Compact Serialization
121 Section 7.2. JWS JSON Serialization
122 Section 8. IANA Considerations