The wording "not intended" intentionally does not convey any normative
requirements. That wording is there to give people guidance on when they might
want to use "use" versus "key_ops".
Stepping back a bit, there's nothing wrong with using "use" in JWKs with both
the public and private keys present.
I'm thinking that we should therefore delete the sentence you referred to.
What do others think?
-- Mike
-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Vladimir Dzhuvinov
Sent: Thursday, April 17, 2014 1:40 AM
To: [email protected]
Subject: [jose] JWK "use" parameter strictly for public keys?
Hi guys,
A recent release of the Nimbus JOSE+JWT library added support for the new JWK
"key_ops" parameter and we put code in place to prevent people from
constructing JWKs with both "use" and "key_ops".
I need help with interpreting the following sentence though:
http://tools.ietf.org/html/draft-ietf-jose-json-web-key-25#section-3.2
```
[The "use" parameter] is not intended for use cases in which private or
symmetric keys may also be present.
```
Is the meaning of "not intended" a SHOULD NOT or a MUST NOT contain private
parts?
We make extensive use of RSA JWKs with private + public parts that have their
use encoded in the "use" parameter, before the public part gets extracted and
published to client apps (with the same "use" parameter of course). Justin's
JWK generator also does that. What is the rationale to want to limit "use" to
public keys only?
Cheers,
Vladimir
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
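The workflow discussed in this thread, as an added example that is not part of the original messages and is not Nimbus JOSE+JWT code: a private JWK tagged with "use" is reduced to its public form with "use" carried over, and a JWK carrying both "use" and "key_ops" is rejected. The function names, the sample key (placeholder values, not real key material) and the filtering of "key_ops" down to public-key operations are assumptions that go beyond what the thread states.

```python
# Added example: JWKs are handled as plain dicts, no JOSE library is involved.

# Private parameters per "kty" (RSA and EC key types).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
}
# Assumption: the "key_ops" values that still make sense on a public key.
PUBLIC_KEY_OPS = {"verify", "encrypt", "wrapKey"}

# Constructed sample: "n", "d", "p" and "q" are placeholders, not a real key.
SAMPLE_PRIVATE_JWK = {
    "kty": "RSA", "use": "sig", "kid": "constructed-1",
    "n": "PLACEHOLDER_MODULUS", "e": "AQAB",
    "d": "PLACEHOLDER_D", "p": "PLACEHOLDER_P", "q": "PLACEHOLDER_Q",
}


class JWKError(ValueError):
    """Raised when a JWK violates the policy applied in this example."""


def is_private(jwk):
    """True if the JWK is symmetric or still carries private parameters."""
    kty = jwk.get("kty")
    return kty == "oct" or bool(PRIVATE_MEMBERS.get(kty, set()) & set(jwk))


def to_public_jwk(jwk):
    """Return a copy without private parameters; "use" is kept unchanged."""
    if "use" in jwk and "key_ops" in jwk:
        raise JWKError('JWK carries both "use" and "key_ops"')
    kty = jwk.get("kty")
    if kty == "oct":
        raise JWKError("symmetric key has no public form to publish")
    if kty not in PRIVATE_MEMBERS:
        raise JWKError(f"unsupported kty: {kty!r}")
    public = {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}
    if "key_ops" in public:
        # Drop private-key operations such as "sign" or "decrypt".
        public["key_ops"] = [op for op in public["key_ops"] if op in PUBLIC_KEY_OPS]
    return public


if __name__ == "__main__":
    print(to_public_jwk(SAMPLE_PRIVATE_JWK))
```

Running `is_private` over every entry of a JWK Set before publishing it catches a key whose private parameters were not stripped.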