-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Technically, only the private exponent and the modulus are necessary for the private operations. However, the performance can be so bad that it be a Denial of Service attack. Better to reject, in my opinion.
- -- - - m&m Matt Miller < [email protected] > Cisco Systems, Inc. On 11/10/14, 10:08 PM, Mike Jones wrote: > Clarification question: Would the private key operate correctly, > if possibly inefficiently, in the multi-prime case if all the > private key parameters other than “d” were ignored? I ask, because > if this is the case, your wording could be modified to the less > severe text: > > > > If the consumer of a JWK does not support multi-prime RSA moduli > and it encounters a private key that includes the "oth" parameter, > then it MUST either reject the key or ignore all the private key > parameters other than “d”. > > > > -- Mike > > > > *From:*jose [mailto:[email protected]] *On Behalf Of *Richard > Barnes *Sent:* Monday, November 10, 2014 7:02 PM *To:* > [email protected] *Subject:* [jose] Clean interop with "oth" > > > > It seems clear that there are no implementations today that support > the "oth" element, i.e., that support RSA with a modulus with > multiple factors. At least some of them simply ignore the "oth" > element, which unfortunately leads to incorrect operation. I would > propose something of the following form in JWA: > > """ > > If the consumer of a JWK does not support multi-prime RSA moduli > and it encounters a private key that includes the "oth" parameter, > then it MUST reject the key. > > """ > > > > _______________________________________________ jose mailing list > [email protected] https://www.ietf.org/mailman/listinfo/jose > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJUah5OAAoJEDWi+S0W7cO13kQIALa+juv24iNuIdr/PdHlRjee 0nGeSq/xIk5WZsV+tYWk8mMUSWqxoh3FTUd2flpj4vjQ7iZvraQmJwV+4jcRsZOY UM3JyL5cBvAnOtNXtwga5N7Y+2G1vWvjJGURo+9lNI+Kn3Ut7mAG+u6q8kob72Wv g0U1lJmjtkslDeFXnNJQSI5AliKPc1Gvo/sbzR0QH5oZeIdwsoqBdYwFSU0a4g7f 1MEtgf0ASE2ShhNBDpgPnQg0OOrptARSkndvhirtyhoBgm473WWW0fr+pj0A6V7n vsuzLNSFishXPNfIERfME+qacL0IYl6ZjVt2GumiMesi7epD/AMHucUHXGEN5X8= =ijfD -----END PGP SIGNATURE----- _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
