Thanks, this answered my question. Now, if the p11 URI must point to a private key object, shouldn't "type" in section 4 be declared REQUIRED?
BTW, did you also consider using the p11 URIs for JWKs of type "oct"?

On 01/07/17 21:17, Nathaniel McCallum wrote:
> (That does appear to be a typo. The RFC should be 7512.)
>
> On Sat, Jul 1, 2017 at 3:16 PM, Nathaniel McCallum
> <[email protected]> wrote:
>> Section 3 states:
>>
>> 'The "p11" property MUST contain a valid PKCS #11 URI [RFC7517] that
>> points to a private key object (that is, type=private).'
>>
>> As I understand this sentence, the "p11" URI should be validated
>> according to RFC 7517 with the additional constraint that it must have
>> type=private.
>>
>> On Sat, Jul 1, 2017 at 3:08 PM, Vladimir Dzhuvinov
>> <[email protected]> wrote:
>>> Looks good!
>>>
>>> +1 to have examples included.
>>>
>>> Question: When I parse a JWK with a "p11" parameter, should the p11 URI
>>> syntax be validated? What constitutes a syntactically valid p11 URI?
>>>
>>>
>>>
>>> On 30/06/17 23:33, Nathaniel McCallum wrote:
>>>> I have prepared an initial stab at a draft for offloading JWK private
>>>> key data to PKCS #11.
>>>>
>>>> You can find the document here:
>>>> https://www.ietf.org/id/draft-mccallum-jose-pkcs11-jwk-00.txt
>>>>
>>>> Thanks for your consideration!
>>>
>
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
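
The validation discussed in this thread, as an added example that is not part of any message here or of the draft: a simplified check of a JWK's "p11" value against the PKCS #11 URI attribute names of RFC 7512, plus the type=private constraint quoted from Section 3. The function names and the sample JWK are constructed for illustration, and rejecting a URI with no "type" attribute is an assumption about how the draft is meant to be read.

```python
import re

# Attribute names from RFC 7512; vendor-specific names start with "x-".
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "object", "type",
              "id", "library-manufacturer", "library-description",
              "library-version", "slot-description", "slot-manufacturer",
              "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
TYPES = {"public", "private", "cert", "secret-key", "data"}
BAD_PCT = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits


def parse_attrs(component, sep, known):
    """Split one URI component into attributes, rejecting malformed ones."""
    attrs = {}
    for part in component.split(sep) if component else []:
        name, eq, value = part.partition("=")
        if not eq or not name:
            raise ValueError(f"malformed attribute: {part!r}")
        if name not in known and not name.startswith("x-"):
            raise ValueError(f"unknown attribute: {name!r}")
        if name in attrs and not name.startswith("x-"):
            raise ValueError(f"repeated attribute: {name!r}")
        if BAD_PCT.search(value):
            raise ValueError(f"bad percent-encoding in {name!r}")
        attrs[name] = value
    return attrs


def validate_p11(jwk):
    """Return the path attributes of jwk["p11"], or raise ValueError."""
    uri = jwk.get("p11")
    if not isinstance(uri, str) or uri[:7].lower() != "pkcs11:":
        raise ValueError("'p11' must be a pkcs11: URI string")
    path, _, query = uri[7:].partition("?")
    attrs = parse_attrs(path, ";", PATH_ATTRS)
    parse_attrs(query, "&", QUERY_ATTRS)
    if "type" in attrs and attrs["type"] not in TYPES:
        raise ValueError(f"invalid type value: {attrs['type']!r}")
    if "slot-id" in attrs and not re.fullmatch(r"[0-9]+", attrs["slot-id"]):
        raise ValueError("slot-id must be decimal digits")
    # Assumption: a missing "type" is rejected, per the type=private reading.
    if attrs.get("type") != "private":
        raise ValueError("'p11' URI must carry type=private")
    return attrs


# Constructed sample JWK (token, object and PIN path are made up).
SAMPLE = {"kty": "EC", "p11": "pkcs11:token=example-token;object=example-key;"
          "id=%01%02;type=private?pin-source=file:/etc/example-pin"}
```
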
