| draft-ietf-jose-jwk-thumbprint-01.txt | draft-ietf-jose-jwk-thumbprint-02.txt | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track N. Sakimura | Intended status: Standards Track N. Sakimura | |||
| Expires: July 26, 2015 NRI | Expires: August 23, 2015 NRI | |||
| January 22, 2015 | February 19, 2015 | |||
| JSON Web Key (JWK) Thumbprint | JSON Web Key (JWK) Thumbprint | |||
| draft-ietf-jose-jwk-thumbprint-01 | draft-ietf-jose-jwk-thumbprint-02 | |||
| Abstract | Abstract | |||
| This specification defines a means of computing a thumbprint value | This specification defines a means of computing a thumbprint value | |||
| (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the "x5t" | (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the "x5t" | |||
| (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 | (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 | |||
| certificate objects. This specification also registers the new JSON | certificate objects. | |||
| Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters | ||||
| and the new JSON Web Key (JWK) member name "jkt" (JWK SHA-256 | ||||
| Thumbprint) for holding these values. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 26, 2015. | This Internet-Draft will expire on August 23, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 17 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3 | 3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4 | 3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4 | |||
| 3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5 | 3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5 | |||
| 3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6 | 3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6 | |||
| 3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6 | 3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6 | |||
| 3.3. Order and Representation of Members in Hash Input . . . . 7 | 3.3. Order and Representation of Members in Hash Input . . . . 7 | |||
| 3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 7 | 3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 7 | |||
| 4. "jkt" Member Definitions . . . . . . . . . . . . . . . . . . . 8 | 4. Practical JSON and Unicode Considerations . . . . . . . . . . 8 | |||
| 4.1. "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter . . . 8 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4.2. "jkt" (JWK SHA-256 Thumbprint) JWE Header Parameter . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 4.3. "jkt" (JWK SHA-256 Thumbprint) JWK Parameter . . . . . . . 8 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4.4. Possible Future Alternative Thumbprint Computations . . . 8 | 7.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 5. Practical JSON and Unicode Considerations . . . . . . . . . . 8 | 7.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10 | |||
| 6.1. JWS and JWE Header Parameter Registration . . . . . . . . 9 | Appendix B. Document History . . . . . . . . . . . . . . . . . . 10 | |||
| 6.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 6.2. JSON Web Key Parameters Registration . . . . . . . . . . . 10 | ||||
| 6.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 10 | ||||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | ||||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | ||||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . . 11 | ||||
| 8.2. Informative References . . . . . . . . . . . . . . . . . . 11 | ||||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 11 | ||||
| Appendix B. Document History . . . . . . . . . . . . . . . . . . 12 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 | ||||
| 1. Introduction | 1. Introduction | |||
| This specification defines a means of computing a thumbprint value | This specification defines a means of computing a thumbprint value | |||
| (a.k.a. digest) of JSON Web Key (JWK) [JWK] objects analogous to the | (a.k.a. digest) of JSON Web Key (JWK) [JWK] objects analogous to the | |||
| "x5t" (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 | "x5t" (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 | |||
| certificate objects. This specification also registers the new JSON | certificate objects. This value can be used for identifying or | |||
| Web Signature (JWS) [JWS] and JSON Web Encryption (JWE) [JWE] Header | selecting the key that is the subject of the thumbprint, for | |||
| Parameters and the new JSON Web Key (JWK) [JWK] member name "jkt" | instance, by using the base64url encoded JWK Thumbprint value as a | |||
| (JWK SHA-256 Thumbprint) for holding these values. | "kid" (key ID) value. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in Key | "OPTIONAL" in this document are to be interpreted as described in Key | |||
| words for use in RFCs to Indicate Requirement Levels [RFC2119]. | words for use in RFCs to Indicate Requirement Levels [RFC2119]. | |||
| 2. Terminology | 2. Terminology | |||
| skipping to change at page 3, line 36 ¶ | skipping to change at page 3, line 36 ¶ | |||
| (JWE) [JWE], and JSON Web Algorithms (JWA) [JWA] specifications. | (JWE) [JWE], and JSON Web Algorithms (JWA) [JWA] specifications. | |||
| This term is defined by this specification: | This term is defined by this specification: | |||
| JWK Thumbprint | JWK Thumbprint | |||
| The digest value for a key that is the subject of this | The digest value for a key that is the subject of this | |||
| specification. | specification. | |||
| 3. JSON Web Key (JWK) Thumbprint | 3. JSON Web Key (JWK) Thumbprint | |||
| This specification defines the thumbprint of a JSON Web Key (JWK) as | The thumbprint of a JSON Web Key (JWK) is computed as follows: | |||
| being a function of the REQUIRED members of the key's JWK | ||||
| representation and a hash function. Specifically, for a hash | 1. Construct a JSON object [RFC7159] containing only the REQUIRED | |||
| function H, this function is the hash with H of the octets of the | members of a JWK representing the key and with no white space or | |||
| UTF-8 representation of a JSON object [RFC7159] constructed | line breaks before or after any syntactic elements and with the | |||
| containing only the REQUIRED members of a JWK representing the key | REQUIRED members ordered lexicographically by the Unicode | |||
| and with no white space or line breaks before or after any syntactic | [UNICODE] code points of the member names. (This JSON object is | |||
| elements and with the REQUIRED members ordered lexicographically by | itself a legal JWK representation of the key.) | |||
| the Unicode [UNICODE] code points of the member names. This JSON | ||||
| object is itself a legal JWK representation of the key. The details | 2. Hash the octets of the UTF-8 representation of this JSON object | |||
| of this computation are further described in subsequent sections. | with a cryptographic hash function H. For example, SHA-256 [SHS] | |||
| might be used as H. | ||||
| The resulting value is the JWK Thumbprint with H of the JWK. The | ||||
| details of this computation are further described in subsequent | ||||
| sections. | ||||
| 3.1. Example JWK Thumbprint Computation | 3.1. Example JWK Thumbprint Computation | |||
| This section demonstrates the JWK Thumbprint computation for the JWK | This section demonstrates the JWK Thumbprint computation for the JWK | |||
| below (with long lines broken for display purposes only): | below (with long lines broken for display purposes only): | |||
| { | { | |||
| "kty": "RSA", | "kty": "RSA", | |||
| "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt | "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt | |||
| VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6 | VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6 | |||
| skipping to change at page 5, line 35 ¶ | skipping to change at page 5, line 38 ¶ | |||
| 74, 122, 75, 110, 113, 68, 75, 103, 119, 34, 125] | 74, 122, 75, 110, 113, 68, 75, 103, 119, 34, 125] | |||
| Using SHA-256 [SHS] as the hash function H, the JWK SHA-256 | Using SHA-256 [SHS] as the hash function H, the JWK SHA-256 | |||
| Thumbprint value is the SHA-256 hash of these octets, specifically: | Thumbprint value is the SHA-256 hash of these octets, specifically: | |||
| [55, 54, 203, 177, 120, 124, 184, 48, 156, 119, 238, 140, 55, 5, 197, | [55, 54, 203, 177, 120, 124, 184, 48, 156, 119, 238, 140, 55, 5, 197, | |||
| 225, 111, 251, 158, 133, 151, 21, 144, 31, 30, 76, 89, 177, 17, 130, | 225, 111, 251, 158, 133, 151, 21, 144, 31, 30, 76, 89, 177, 17, 130, | |||
| 245, 123] | 245, 123] | |||
| The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value | The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value | |||
| (which would be used in the "jkt" members registered below) is: | (which might, for instance, be used as a "kid" (key ID) value) is: | |||
| NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs | NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs | |||
| 3.2. JWK Members Used in the Thumbprint Computation | 3.2. JWK Members Used in the Thumbprint Computation | |||
| Only the REQUIRED members of a key's representation are used when | Only the REQUIRED members of a key's representation are used when | |||
| computing its JWK Thumbprint value. As defined in JSON Web Key (JWK) | computing its JWK Thumbprint value. As defined in JSON Web Key (JWK) | |||
| [JWK] and JSON Web Algorithms (JWA) [JWA], the REQUIRED members of an | [JWK] and JSON Web Algorithms (JWA) [JWA], the REQUIRED members of an | |||
| elliptic curve public key for the curves specified in Section 6.2.1.1 | elliptic curve public key for the curves specified in Section 6.2.1.1 | |||
| of [JWK], in lexicographic order, are: | of [JWK], in lexicographic order, are: | |||
| skipping to change at page 7, line 42 ¶ | skipping to change at page 7, line 44 ¶ | |||
| are integers, they MUST be represented as a JSON number as defined in | are integers, they MUST be represented as a JSON number as defined in | |||
| Section 6 of [RFC7159] without including a fraction part or exponent | Section 6 of [RFC7159] without including a fraction part or exponent | |||
| part. For instance, the value "1.024e3" MUST be represented as | part. For instance, the value "1.024e3" MUST be represented as | |||
| "1024". This means that thumbprints of JWKs that use numbers that | "1024". This means that thumbprints of JWKs that use numbers that | |||
| are not integers are not defined by this specification. Also, as | are not integers are not defined by this specification. Also, as | |||
| noted in The I-JSON Message Format [I-D.ietf-json-i-json], | noted in The I-JSON Message Format [I-D.ietf-json-i-json], | |||
| implementations cannot expect an integer whose absolute value is | implementations cannot expect an integer whose absolute value is | |||
| greater than 9007199254740991 (i.e., that is outside the range | greater than 9007199254740991 (i.e., that is outside the range | |||
| [-(2**53)+1, (2**53)-1]) to be treated as an exact value. | [-(2**53)+1, (2**53)-1]) to be treated as an exact value. | |||
| See Section 5 for a discussion of further practical considerations | See Section 4 for a discussion of further practical considerations | |||
| pertaining to the representation of the hash input. | pertaining to the representation of the hash input. | |||
| 3.4. JWK Thumbprints of Keys Not in JWK Format | 3.4. JWK Thumbprints of Keys Not in JWK Format | |||
| Note that a key need not be in JWK format to create a JWK Thumbprint | Note that a key need not be in JWK format to create a JWK Thumbprint | |||
| of it. The only prerequisites are that the JWK representation of the | of it. The only prerequisites are that the JWK representation of the | |||
| key be defined and the party creating the JWK Thumbprint is in | key be defined and the party creating the JWK Thumbprint is in | |||
| possession of the necessary key material. These are sufficient to | possession of the necessary key material. These are sufficient to | |||
| create the hash input from the JWK representation of the key, as | create the hash input from the JWK representation of the key, as | |||
| described in Section 3.3. | described in Section 3.3. | |||
| 4. "jkt" Member Definitions | 4. Practical JSON and Unicode Considerations | |||
| This section defines "jkt" (JWK SHA-256 Thumbprint) members used for | ||||
| holding base64url encoded JWK Thumbprint values in JWK, JWS, and JWE | ||||
| objects. | ||||
| 4.1. "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter | ||||
| The "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter is a | ||||
| base64url encoded JWK Thumbprint (a.k.a. digest) of the public key | ||||
| that corresponds to the key used to digitally sign the JWS. Use of | ||||
| this JWS Header Parameter is OPTIONAL. | ||||
| 4.2. "jkt" (JWK SHA-256 Thumbprint) JWE Header Parameter | ||||
| This parameter has the same meaning, syntax, and processing rules as | ||||
| the "jkt" JWS Header Parameter defined in Section 4.1, except that | ||||
| the JWK Thumbprint references the public key to which the JWE was | ||||
| encrypted; this can be used to determine the private key needed to | ||||
| decrypt the JWE. | ||||
| 4.3. "jkt" (JWK SHA-256 Thumbprint) JWK Parameter | ||||
| The "jkt" (JWK SHA-256 Thumbprint) JWK parameter is a base64url | ||||
| encoded JWK Thumbprint (a.k.a. digest) of the JWK. If present, the | ||||
| JWK Thumbprint value represented MUST have been computed from the | ||||
| other members of the JWK as described in Section 3. Use of this | ||||
| member is OPTIONAL. | ||||
| 4.4. Possible Future Alternative Thumbprint Computations | ||||
| If, in the future, JWK Thumbprints need to be computed using hash | ||||
| functions other than SHA-256, it is suggested that additional related | ||||
| JWK, JWS, and JWE parameters be defined for that purpose. For | ||||
| example, it is suggested that a new "jkt#S3-256" (JWK SHA-3-256 | ||||
| Thumbprint) JWK parameter could be defined by registering it in the | ||||
| IANA JSON Web Key Parameters registry and the IANA JSON Web Signature | ||||
| and Encryption Header Parameters registry. | ||||
| 5. Practical JSON and Unicode Considerations | ||||
| Implementations will almost certainly use functionality provided by | Implementations will almost certainly use functionality provided by | |||
| the platform's JSON support, such as the JavaScript JSON.parse() | the platform's JSON support, such as the JavaScript JSON.parse() | |||
| JSON.stringify() functions, when parsing the JWK and emitting the | JSON.stringify() functions, when parsing the JWK and emitting the | |||
| JSON object used as the hash input. As a practical consideration, | JSON object used as the hash input. As a practical consideration, | |||
| future JWK member names should be avoided for which different | future JWK member names should be avoided for which different | |||
| platforms or libraries might emit different representations. As of | platforms or libraries might emit different representations. As of | |||
| the time of this writing, currently all defined JWK member names use | the time of this writing, currently all defined JWK member names use | |||
| only printable ASCII characters, which should not exhibit this | only printable ASCII characters, which should not exhibit this | |||
| problem. Note however, that JSON.stringify() cannot be counted on to | problem. Note however, that JSON.stringify() cannot be counted on to | |||
| skipping to change at page 9, line 23 ¶ | skipping to change at page 8, line 32 ¶ | |||
| In particular, while the operation of lexicographically ordering | In particular, while the operation of lexicographically ordering | |||
| member names by their Unicode code points is well defined, different | member names by their Unicode code points is well defined, different | |||
| platform sort functions may produce different results for non-ASCII | platform sort functions may produce different results for non-ASCII | |||
| characters, in ways that may not be obvious to developers. If | characters, in ways that may not be obvious to developers. If | |||
| writers of future specifications defining new JWK Key Type values | writers of future specifications defining new JWK Key Type values | |||
| choose to restrict themselves to ASCII member names (which are for | choose to restrict themselves to ASCII member names (which are for | |||
| machine and not human consumption anyway), some future | machine and not human consumption anyway), some future | |||
| interoperability problems might be avoided. | interoperability problems might be avoided. | |||
| Use of escaped characters in the input JWK representation should be | Use of escaped characters in the input JWK representation SHOULD be | |||
| avoided. | avoided. | |||
| While there is a natural representation to use for numeric values | While there is a natural representation to use for numeric values | |||
| that are integers, this specification doesn't attempt to define a | that are integers, this specification doesn't attempt to define a | |||
| standard representation for numbers that are not integers or that | standard representation for numbers that are not integers or that | |||
| contain an exponent component. This is not expected to be a problem | contain an exponent component. This is not expected to be a problem | |||
| in practice, as the REQUIRED members of JWK representations are not | in practice, as the REQUIRED members of JWK representations are not | |||
| expected to use numbers that are not integers. | expected to use numbers that are not integers. | |||
| Use of number representations containing fraction or exponent parts | Use of number representations containing fraction or exponent parts | |||
| in the input JWK representation should be avoided. | in the input JWK representation SHOULD be avoided. | |||
| All of these practical considerations are really an instance of Jon | All of these practical considerations are really an instance of Jon | |||
| Postel's principle: "Be liberal in what you accept, and conservative | Postel's principle: "Be liberal in what you accept, and conservative | |||
| in what you send." | in what you send." | |||
| 6. IANA Considerations | 5. IANA Considerations | |||
| 6.1. JWS and JWE Header Parameter Registration | ||||
| This specification registers the "jkt" Header Parameters defined in | ||||
| Sections 4.1 and 4.2 in the IANA JSON Web Signature and Encryption | ||||
| Header Parameters registry defined in [JWS]. | ||||
| 6.1.1. Registry Contents | ||||
| o Header Parameter Name: "jkt" | ||||
| o Header Parameter Description: JWS JWK Thumbprint | ||||
| o Header Parameter Usage Location(s): JWS | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 4.1 of [[ this document ]] | ||||
| o Header Parameter Name: "jkt" | ||||
| o Header Parameter Description: JWE JWK Thumbprint | ||||
| o Header Parameter Usage Location(s): JWE | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 4.2 of [[ this document ]] | ||||
| 6.2. JSON Web Key Parameters Registration | ||||
| This specification registers the "jkt" JWK member defined in | ||||
| Section 4.3 in the IANA JSON Web Key Parameters registry defined in | ||||
| [JWK]. | ||||
| 6.2.1. Registry Contents | ||||
| o Parameter Name: "jkt" | This specification makes no requests of IANA. | |||
| o Parameter Description: JWK Thumbprint | ||||
| o Used with "kty" Value(s): * | ||||
| o Parameter Information Class: Public | ||||
| o Change Controller: IESG | ||||
| o Specification Document(s): Section 4.3 of [[ this document ]] | ||||
| 7. Security Considerations | 6. Security Considerations | |||
| The JSON Security Considerations and Unicode Comparison Security | The JSON Security Considerations and Unicode Comparison Security | |||
| Considerations described in Sections 10.2 and 10.3 of JSON Web | Considerations described in Sections 10.2 and 10.3 of JSON Web | |||
| Signature (JWS) [JWS] also apply to this specification. | Signature (JWS) [JWS] also apply to this specification. | |||
| Also, as described in Section 5, some implementations may produce | Also, as described in Section 4, some implementations may produce | |||
| incorrect results if esoteric or escaped characters are used in the | incorrect results if esoteric or escaped characters are used in the | |||
| member names. The security implications of this appear to be limited | member names. The security implications of this appear to be limited | |||
| for JWK Thumbprints of public keys, since while it may result in | for JWK Thumbprints of public keys, since while it may result in | |||
| implementations failing to identify the intended key, it should not | implementations failing to identify the intended key, it should not | |||
| leak information, since the information in a public key is already | leak information, since the information in a public key is already | |||
| public in nature, by definition. | public in nature, by definition. | |||
| A hash of a symmetric key has the potential to leak information about | A hash of a symmetric key has the potential to leak information about | |||
| the key value. Thus, the JWK Thumbprint of a symmetric key should be | the key value. Thus, the JWK Thumbprint of a symmetric key should be | |||
| typically be concealed from parties not in possession of the | typically be concealed from parties not in possession of the | |||
| symmetric key, unless in the application context, the cryptographic | symmetric key, unless in the application context, the cryptographic | |||
| hash used, such as SHA-256, is known to provide sufficient protection | hash used, such as SHA-256, is known to provide sufficient protection | |||
| against disclosure of the key value. | against disclosure of the key value. | |||
| 8. References | A JWK Thumbprint will only uniquely identify a particular key if a | |||
| single unambiguous JWK representation for that key is defined and | ||||
| used when computing the JWK Thumbprint. (Such representations are | ||||
| defined for all the key types defined in JSON Web Algorithms (JWA) | ||||
| [JWA].) For example, if an RSA key were to use "e":"AAEAAQ" | ||||
| (representing [0, 1, 0, 1]) rather than the specified correct | ||||
| representation of "e":"AQAB" (representing [1, 0, 1]), a different | ||||
| thumbprint value would be produced for what could be effectively the | ||||
| same key, at least for implementations that are lax in validating the | ||||
| JWK values that they accept. Thus, JWK Thumbprint values can only be | ||||
| relied upon to be unique for a given key if the implementation also | ||||
| validates that the correct representation of the key is used. | ||||
| 8.1. Normative References | 7. References | |||
| 7.1. Normative References | ||||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", | [JWA] Jones, M., "JSON Web Algorithms (JWA)", | |||
| draft-ietf-jose-json-web-algorithms (work in progress), | draft-ietf-jose-json-web-algorithms (work in progress), | |||
| January 2015. | January 2015. | |||
| [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | |||
| draft-ietf-jose-json-web-encryption (work in progress), | draft-ietf-jose-json-web-encryption (work in progress), | |||
| January 2015. | January 2015. | |||
| [JWK] Jones, M., "JSON Web Key (JWK)", | [JWK] Jones, M., "JSON Web Key (JWK)", | |||
| skipping to change at page 11, line 39 ¶ | skipping to change at page 10, line 29 ¶ | |||
| [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data | [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data | |||
| Interchange Format", RFC 7159, March 2014. | Interchange Format", RFC 7159, March 2014. | |||
| [SHS] National Institute of Standards and Technology, "Secure | [SHS] National Institute of Standards and Technology, "Secure | |||
| Hash Standard (SHS)", FIPS PUB 180-4, March 2012. | Hash Standard (SHS)", FIPS PUB 180-4, March 2012. | |||
| [UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, | [UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, | |||
| <http://www.unicode.org/versions/latest/>. | <http://www.unicode.org/versions/latest/>. | |||
| 8.2. Informative References | 7.2. Informative References | |||
| [I-D.ietf-json-i-json] | [I-D.ietf-json-i-json] | |||
| Bray, T., "The I-JSON Message Format", | Bray, T., "The I-JSON Message Format", | |||
| draft-ietf-json-i-json-05 (work in progress), | draft-ietf-json-i-json-06 (work in progress), | |||
| December 2014. | January 2015. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| James Manger and John Bradley participated in discussions that led to | James Manger and John Bradley participated in discussions that led to | |||
| the creation of this specification. Jim Schaad also contributed to | the creation of this specification. Jim Schaad also contributed to | |||
| this specification. | this specification. | |||
| Appendix B. Document History | Appendix B. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| -02 | ||||
| o No longer register the new JSON Web Signature (JWS) and JSON Web | ||||
| Encryption (JWE) Header Parameters and the new JSON Web Key (JWK) | ||||
| member name "jkt" (JWK SHA-256 Thumbprint) for holding these | ||||
| values. | ||||
| o Added security considerations about the measures needed to ensure | ||||
| that a unique JWK Thumbprint value is produced for a key. | ||||
| o Added text saying that the base64url encoded JWK Thumbprint value | ||||
| could be used as a "kid" (key ID) value. | ||||
| o Broke a sentence up that used to be way too long. | ||||
| -01 | -01 | |||
| o Addressed issues pointed out by Jim Schaad, including defining the | o Addressed issues pointed out by Jim Schaad, including defining the | |||
| JWK Thumbprint computation in a manner that allows different hash | JWK Thumbprint computation in a manner that allows different hash | |||
| functions to be used over time. | functions to be used over time. | |||
| o Added Nat Sakimura as an editor. | o Added Nat Sakimura as an editor. | |||
| -00 | -00 | |||
| End of changes. 21 change blocks. | ||||
| 127 lines changed or deleted | 76 lines changed or added | |||
This html diff was produced by rfcdiff 1.49. The latest version is available from https://github.com/ietf-tools/rfcdiff | ||||