What level of testing have you done on this?
Jim From: Justin Richer [mailto:[email protected]] Sent: Monday, November 10, 2014 11:32 AM To: Jim Schaad; 'Richard Barnes' Cc: [email protected]; [email protected]; 'Stephen Farrell' Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ It's implemented in some libraries, such as the NimbusDS JOSE-JWT library on Java. However, I don't know of any uses in applications. -- Justin / Sent from my phone / -------- Original message -------- From: Jim Schaad <[email protected]> Date:11/10/2014 11:03 AM (GMT-10:00) To: 'Richard Barnes' <[email protected]> Cc: [email protected], [email protected], 'Stephen Farrell' <[email protected]> Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ Oh – your right. My head is not processing fast enough. In that case I don’t know of any implementation at the moment for the “oth” parameter I am not sure if Stephen is going to force a removal based on that or not. Jim From: jose [mailto:[email protected]] On Behalf Of Richard Barnes Sent: Monday, November 10, 2014 10:39 AM To: Jim Schaad Cc: [email protected]; Stephen Farrell Subject: Re: [jose] Discuss on http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ What? I can't speak for Chrome, but Firefox completely ignores the "oth" parameter. http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoKey.cpp?from=PrivateKeyFromJwk#678 I think you're thinking of the extended, technically not-required RSA private parameters "p", "q", "dp", "dq", "qi". Firefox and Chrome DO both require those, because the underlying library requires them and we didn't want to implement factoring above the library layer (at least for Firefox). I'm not sure it makes sense for those parameters to be required at the JWK layer. On Mon, Nov 10, 2014 at 10:14 AM, Jim Schaad <[email protected]> wrote: Based on email that has been sent to the list. It appears that both Chrome and Firefox have fully implemented the “oth” parameter of RSA private keys. They actually appear to require that it be present rather than be optional as the document specifies. However this would mean to me that this parameters is used and you can clear you discuss on that basis. Jim _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
