On Sat, Jul 1, 2017 at 4:23 PM, Vladimir Dzhuvinov <[email protected]> wrote:
> Thanks, this answered my question.
>
> Now, if the p11 URI must point to a private key object, shouldn't "type"
> in section 4 be declared REQUIRED?

Probably so. I think we need to answer the question about public key URI (see other emails in this thread) first. But, yes, I agree.

> BTW, did you also consider using the p11 URIs for JWKs of type "oct"?

Yes, the document does this implicitly. Section 3 states:

"Private key material is defined by the Parameter Information Class of Section 8.1.1 of RFC 7517 [RFC7517]."

This section defines "k" as private key material for JWKs of type "oct". It should probably be spelled out in the actual draft that symmetric keys do not have public key material. The draft should probably also make explicit that this is usable for "oct" JWKs. This would help with clarity.

From an implementation perspective, symmetric keys are probably most useful for the key wrap algorithms since we probably don't want to offload full data encryption (for performance reasons).
