Clarification question: Would the private key operate correctly, if possibly
inefficiently, in the multi-prime case if all the private key parameters other
than "d" were ignored? I ask because, if this is the case, your wording could
be modified to the less severe text:

If the consumer of a JWK does not support multi-prime RSA moduli and it
encounters a private key that includes the "oth" parameter, then it MUST either
reject the key or ignore all the private key parameters other than "d".

-- Mike

From: jose [mailto:[email protected]] On Behalf Of Richard Barnes
Sent: Monday, November 10, 2014 7:02 PM
To: [email protected]
Subject: [jose] Clean interop with "oth"
It seems clear that there are no implementations today that support the "oth"
element, i.e., that support RSA with a modulus with multiple factors. At least
some of them simply ignore the "oth" element, which unfortunately leads to
incorrect operation. I would propose something of the following form in JWA:
"""
If the consumer of a JWK does not support multi-prime RSA moduli and it
encounters a private key that includes the "oth" parameter, then it MUST reject
the key.
"""
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
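
As an added example (not code from this thread or from any JOSE implementation), the sketch below models a two-prime-only JWK consumer with the two behaviours proposed above, plus the ignore-"oth" behaviour the thread reports as incorrect. The function names, the `on_oth` parameter and the toy three-prime key are assumptions constructed for illustration.

```python
import base64

def enc(i):  # int -> JWK Base64urlUInt
    raw = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def dec(s):  # JWK Base64urlUInt -> int
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def make_toy_multiprime_jwk(p=61, q=53, r=47, e=17):  # constructed toy key, not secure
    d = pow(e, -1, (p - 1) * (q - 1) * (r - 1))
    vals = {"n": p * q * r, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qi": pow(q, -1, p)}
    jwk = {"kty": "RSA", **{k: enc(v) for k, v in vals.items()}}
    jwk["oth"] = [{"r": enc(r), "d": enc(d % (r - 1)), "t": enc(pow(p * q, -1, r))}]
    return jwk

CRT_NAMES = ("p", "q", "dp", "dq", "qi")
def load_private_jwk(jwk, on_oth="reject"):
    """Two-prime-only consumer. on_oth: 'reject', 'd_only' or 'ignore'."""
    if on_oth not in ("reject", "d_only", "ignore"):
        raise ValueError("unknown on_oth mode")
    if jwk.get("kty") != "RSA" or "n" not in jwk or "d" not in jwk:
        raise ValueError("not an RSA private JWK")
    crt = None
    if all(k in jwk for k in CRT_NAMES):
        crt = tuple(dec(jwk[k]) for k in CRT_NAMES)
    if "oth" in jwk:
        if on_oth == "reject":
            raise ValueError('RSA JWK has "oth"; multi-prime moduli not supported')
        if on_oth == "d_only":
            crt = None  # drop p, q, dp, dq, qi; keep only n and d
        # 'ignore': keep two-prime CRT values although n has a third factor
    return dec(jwk["n"]), dec(jwk["d"]), crt

def private_op(key, c):
    n, d, crt = key
    if crt is None:
        return pow(c, d, n)  # plain c^d mod n
    p, q, dp, dq, qi = crt  # two-prime CRT (Garner recombination)
    m1, m2 = pow(c, dp, p), pow(c, dq, q)
    return m2 + ((qi * (m1 - m2)) % p) * q

def public_op(jwk, m):
    return pow(m, dec(jwk["e"]), dec(jwk["n"]))

if __name__ == "__main__":
    jwk = make_toy_multiprime_jwk()
    c = public_op(jwk, 123456)
    print({m: private_op(load_private_jwk(jwk, m), c) for m in ("d_only", "ignore")})
```

On this toy key the `d_only` path recovers the message 123456, while the `ignore` path returns 602, the message reduced modulo p*q only.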