The presence of the xt* JWK fields doesn't change what fields must be populated 
for a JWK.  The spec also already says: "The key in the certificate MUST match 
the bare public key represented by other members of the JWK."  This is the text 
requiring that a normal JWK representation also be present.

You can suggest wordsmithing, but I believe the normative meaning is already 
clear.

                                                                -- Mike

From: Jim Schaad [mailto:[email protected]]
Sent: Tuesday, October 01, 2013 4:15 PM
To: Mike Jones
Cc: [email protected]
Subject: RE: Issue #76 - x5t

I guess the question is then which of the fields are required to be populated.  
From what you say the key is required to be populated.  Are the alg and use 
fields required to be populated if there are such restrictions in the 
certificate or not?

Jim


From: Mike Jones [mailto:[email protected]]
Sent: Monday, September 30, 2013 12:32 AM
To: Jim Schaad
Cc: [email protected]<mailto:[email protected]>
Subject: RE: Issue #76 - x5t

The working group was clear in Denver that the normal JWK bare key elements 
MUST be present in the JWK and that the x5* fields are supplemental information 
that must align with their content.

Therefore, can you reword your suggested sentence below to remove the "if" 
clause and instead talk about the consistency between those fields that must be 
present?

                                                            Thanks,
                                                            -- Mike

From: Jim Schaad [mailto:[email protected]]
Sent: Sunday, September 29, 2013 8:59 PM
To: Mike Jones
Cc: [email protected]<mailto:[email protected]>
Subject: Issue #76 - x5t

Mike,

This is the suggested text modification that I have for dealing with bullet B 
in for this issue.

OLD
The key in the certificate MUST match the bare public key represented by the 
other members of the JWK.

NEW
If other members in the JWK representing portions of the certificate are 
present, they MUST be consistent with the same fields in the certificate.  
Additional details can be found in <xref target="x5c"/>.


Jim

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
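
The rule quoted in this thread ("The key in the certificate MUST match the bare public key represented by other members of the JWK"), written as a check. This is an added example, not code from the specification or from anyone in the thread. The JWK struct, CheckX5c and SampleJWK are hypothetical names, and the sketch assumes RSA keys only, compares only the first x5c entry, and does no chain validation and no alg/use comparison.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"math/big"
)

type JWK struct {
	Kty, N, E string   // bare RSA key members; n and e are base64url without padding
	X5c       []string // certificate chain, each entry standard-base64 DER
}

// CheckX5c requires the bare key members and, when x5c is present, the same key in x5c[0].
func CheckX5c(j JWK) error {
	n, errN := base64.RawURLEncoding.DecodeString(j.N)
	e, errE := base64.RawURLEncoding.DecodeString(j.E)
	if j.Kty != "RSA" || errN != nil || errE != nil || len(n) == 0 || len(e) == 0 {
		return errors.New("bare key members kty, n, e must be present and valid")
	}
	if len(j.X5c) == 0 {
		return nil // x5c is supplemental; without it there is nothing to cross-check
	}
	der, errD := base64.StdEncoding.DecodeString(j.X5c[0])
	cert, errC := x509.ParseCertificate(der)
	if errD != nil || errC != nil {
		return errors.New("x5c[0] is not a base64-encoded DER certificate")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.Cmp(new(big.Int).SetBytes(n)) != 0 || big.NewInt(int64(pub.E)).Cmp(new(big.Int).SetBytes(e)) != 0 {
		return errors.New("key in x5c certificate does not match n/e")
	}
	return nil
}

// SampleJWK builds constructed input: a fresh key as bare members plus a self-signed cert for it.
func SampleJWK() JWK {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(1)} // validity and subject unset; only the key matters here
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	b64 := base64.RawURLEncoding.EncodeToString
	return JWK{"RSA", b64(key.N.Bytes()), b64(big.NewInt(int64(key.E)).Bytes()), []string{base64.StdEncoding.EncodeToString(der)}}
}

func main() {
	println(CheckX5c(SampleJWK()) == nil) // consistent JWK passes the check
}
```

A JWK that carries only x5c and no n/e is rejected by the first test, which is the reading Mike gives of the existing sentence.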