I just had a quick look and it seems fine for asymmetric keys assuming there's a need for it and a justification for including things like '{"e":' in the hash input, which I don't see.

The reason I looked at this is that there's some overlap here with RFC6920, (I'm an author of that) and DANE and maybe other specs that say how to hash a public key. It does seem a shame to have so many ways to hash public keys, but 6920 is compatible with DANE and others that hash a SPKI (even if that's artificially created just as a hash input), so I wonder if the benefit of the running code here is really worth being different from other specs that hash a SPKI.

So, other than that someone has some code, what is the benefit of being incompatible with other specs here? The downside is that I could not determine that one of these does/doesn't map to the same public key as some DANE RRs for example. Seems a bit odd to me to want to accept that downside unless there's an upside.

Only other thing is for symmetric keys I think you should add an optional salt, in case you need the thumbprint of a low-entropy secret, which is quite likely to happen, and quite likely to get exposed somehow. And I'd argue to recommend that a long salt always be used for potentially low-entropy secret keys.

Apologies if the WG discussed these before but I missed it;-)

S.

PS: These are just random-punter comments with no hats.

On 23/01/15 01:56, Jim Schaad wrote:
> This starts a two week last call on draft-ietf-jose-jwk-thumbprint. Last
> call will end on February 2, 2015.
>
> Due to the general lack of activity on the list. General silence will be
> considered as a vote to park the document and either have it done via the
> ISE or with an AD shepherd rather than having group consensus.
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
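The two points raised in the message above, as an added example that is not part of the message or of the draft: the thumbprint hash input is a JSON serialization of the key's required members (hence the leading '{"e":' for RSA keys), and an unsalted thumbprint of a low-entropy symmetric key matches a table of hashed guesses. The `salt` parameter and the way it is mixed in (prepended to the hash input) are assumptions made for illustration, and all keys and secrets are constructed sample values.

```python
import base64
import hashlib
import json
import os

# Required members per key type in the JWK thumbprint construction.
REQUIRED = {"RSA": ("e", "kty", "n"),
            "EC": ("crv", "kty", "x", "y"),
            "oct": ("k", "kty")}

def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def hash_input(jwk: dict) -> bytes:
    """Required members only, sorted by name, no whitespace, UTF-8."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    return json.dumps(members, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def thumbprint(jwk: dict, salt: bytes = b"") -> str:
    # ASSUMPTION: the salt is prepended to the hash input. The draft
    # defines no salt; this only illustrates the suggestion in the message.
    return b64url(hashlib.sha256(salt + hash_input(jwk)).digest())

def oct_jwk(secret: bytes) -> dict:
    """Wrap a raw symmetric secret as an 'oct' JWK."""
    return {"kty": "oct", "k": b64url(secret)}

def precomputed_table(guesses) -> dict:
    """Unsalted thumbprints of guessable secrets (a defender's audit list)."""
    return {thumbprint(oct_jwk(g)): g for g in guesses}

# Constructed sample data: not a real modulus, not real secrets.
RSA_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus", "kid": "demo"}
WEAK = b"summer2015"
TABLE = precomputed_table([b"password", b"letmein", WEAK])

if __name__ == "__main__":
    print(hash_input(RSA_JWK))          # extra members such as "kid" are dropped
    plain = thumbprint(oct_jwk(WEAK))
    salted = thumbprint(oct_jwk(WEAK), salt=os.urandom(32))
    print(plain, "in table:", plain in TABLE)
    print(salted, "in table:", salted in TABLE)
```

The salt has to be stored with the thumbprint so it can be recomputed; it stops table lookups and cross-key linking, not a targeted guess by someone who knows the salt.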
