draft-ietf-jose-json-web-key-33.txt   draft-ietf-jose-json-web-key-34.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track September 25, 2014 Intended status: Standards Track October 14, 2014
Expires: March 29, 2015 Expires: April 17, 2015
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-33 draft-ietf-jose-json-web-key-34
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure that also defines a JSON Web Key Set (JWK Set) JSON data structure that
represents a set of JWKs. Cryptographic algorithms and identifiers represents a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON for use with this specification are described in the separate JSON
Web Algorithms (JWA) specification and IANA registries defined by Web Algorithms (JWA) specification and IANA registries defined by
that specification. that specification.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 29, 2015. This Internet-Draft will expire on April 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 30
4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9
4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9
4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9
5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10
5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10
6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10
7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12
8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13
8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14
8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15
8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15
8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16
8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16
8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16
8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17
8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18
8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18
8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19
8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19
8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19
9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20
9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20
9.2. Preventing Disclosure of Non-Public Key Information . . . 20 9.2. Preventing Disclosure of Non-Public Key Information . . . 20
9.3. RSA Private Key Representations and Blinding . . . . . . . 20 9.3. RSA Private Key Representations and Blinding . . . . . . . 21
9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21
10.2. Informative References . . . . . . . . . . . . . . . . . . 22 10.2. Informative References . . . . . . . . . . . . . . . . . . 23
Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24
A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24
A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24
A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Appendix B. Example Use of "x5c" (X.509 Certificate Chain)
Parameter . . . . . . . . . . . . . . . . . . . . . . 26 Parameter . . . . . . . . . . . . . . . . . . . . . . 26
Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27
C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28
C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31
C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31
C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32
C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32
skipping to change at page 4, line 35 skipping to change at page 4, line 35
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2. Section 2 of [JWS].
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING.
ASCII(STRING) denotes the octets of the ASCII [USASCII] ASCII(STRING) denotes the octets of the ASCII [USASCII]
representation of STRING. representation of STRING.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
skipping to change at page 5, line 46 skipping to change at page 5, line 46
including its value. This JSON object MAY contain white space and/or including its value. This JSON object MAY contain white space and/or
line breaks. This document defines the key parameters that are not line breaks. This document defines the key parameters that are not
algorithm specific, and thus common to many keys. algorithm specific, and thus common to many keys.
In addition to the common parameters, each JWK will have members that In addition to the common parameters, each JWK will have members that
are key type-specific. These members represent the parameters of the are key type-specific. These members represent the parameters of the
key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification
defines multiple kinds of cryptographic keys and their associated defines multiple kinds of cryptographic keys and their associated
members. members.
The member names within a JWK MUST be unique; recipients MUST either The member names within a JWK MUST be unique; JWK parsers MUST either
reject JWKs with duplicate member names or use a JSON parser that reject JWKs with duplicate member names or use a JSON parser that
returns only the lexically last duplicate member name, as specified returns only the lexically last duplicate member name, as specified
in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
Additional members can be present in the JWK; if not understood by Additional members can be present in the JWK; if not understood by
implementations encountering them, they MUST be ignored. Member implementations encountering them, they MUST be ignored. Member
names used for representing key parameters for different keys types names used for representing key parameters for different keys types
need not be distinct. Any new member name should either be need not be distinct. Any new member name should either be
registered in the IANA JSON Web Key Parameters registry defined in registered in the IANA JSON Web Key Parameters registry defined in
Section 8.1 or be a value that contains a Collision-Resistant Name. Section 8.1 or be a value that contains a Collision-Resistant Name.
4.1. "kty" (Key Type) Parameter 4.1. "kty" (Key Type) Parameter
The "kty" (key type) member identifies the cryptographic algorithm The "kty" (key type) member identifies the cryptographic algorithm
family used with the key. "kty" values should either be registered in family used with the key, such as "RSA" or "EC". "kty" values should
the IANA JSON Web Key Types registry defined in [JWA] or be a value either be registered in the IANA JSON Web Key Types registry defined
that contains a Collision-Resistant Name. The "kty" value is a case- in [JWA] or be a value that contains a Collision-Resistant Name. The
sensitive string. This member MUST be present in a JWK. "kty" value is a case-sensitive string. This member MUST be present
in a JWK.
A list of defined "kty" values can be found in the IANA JSON Web Key A list of defined "kty" values can be found in the IANA JSON Web Key
Types registry defined in [JWA]; the initial contents of this Types registry defined in [JWA]; the initial contents of this
registry are the values defined in Section 6.1 of the JSON Web registry are the values defined in Section 6.1 of the JSON Web
Algorithms (JWA) [JWA] specification. Algorithms (JWA) [JWA] specification.
The key type definitions include specification of the members to be The key type definitions include specification of the members to be
used for those key types. Additional members used with "kty" values used for those key types. Additional members used with "kty" values
can also be found in the IANA JSON Web Key Parameters registry can also be found in the IANA JSON Web Key Parameters registry
defined in Section 8.1. defined in Section 8.1.
skipping to change at page 8, line 37 skipping to change at page 8, line 38
When used with JWS or JWE, the "kid" value is used to match a JWS or When used with JWS or JWE, the "kid" value is used to match a JWS or
JWE "kid" Header Parameter value. JWE "kid" Header Parameter value.
4.6. "x5u" (X.509 URL) Parameter 4.6. "x5u" (X.509 URL) Parameter
The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a
resource for an X.509 public key certificate or certificate chain resource for an X.509 public key certificate or certificate chain
[RFC5280]. The identified resource MUST provide a representation of [RFC5280]. The identified resource MUST provide a representation of
the certificate or certificate chain that conforms to RFC 5280 the certificate or certificate chain that conforms to RFC 5280
[RFC5280] in PEM encoded form [RFC1421]. The key in the first [RFC5280] in PEM encoded form, with each certificate delimited as
specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first
certificate MUST match the public key represented by other members of certificate MUST match the public key represented by other members of
the JWK. The protocol used to acquire the resource MUST provide the JWK. The protocol used to acquire the resource MUST provide
integrity protection; an HTTP GET request to retrieve the certificate integrity protection; an HTTP GET request to retrieve the certificate
MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be
validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this
member is OPTIONAL. member is OPTIONAL.
While there is no requirement that optional JWK members providing key While there is no requirement that optional JWK members providing key
usage, algorithm, or other information be present when the "x5u" usage, algorithm, or other information be present when the "x5u"
member is used, doing so may improve interoperability for member is used, doing so may improve interoperability for
skipping to change at page 10, line 15 skipping to change at page 10, line 18
As with the "x5u" member, optional JWK members providing key usage, As with the "x5u" member, optional JWK members providing key usage,
algorithm, or other information MAY also be present when the algorithm, or other information MAY also be present when the
"x5t#S256" member is used. If other members are present, the "x5t#S256" member is used. If other members are present, the
contents of those members MUST be semantically consistent with the contents of those members MUST be semantically consistent with the
related fields in the referenced certificate. See the last paragraph related fields in the referenced certificate. See the last paragraph
of Section 4.6 for additional guidance on this. of Section 4.6 for additional guidance on this.
5. JSON Web Key Set (JWK Set) Format 5. JSON Web Key Set (JWK Set) Format
A JSON Web Key Set (JWK Set) is a JSON object that represents a set A JSON Web Key Set (JWK Set) is a JSON object that represents a set
of JWKs. The JSON object MUST have a "keys" member, which is an of JWKs. The JSON object MUST have a "keys" member, with its value
array of JWK objects. This JSON object MAY contain white space being an array of JWK objects. This JSON object MAY contain white
and/or line breaks. space and/or line breaks.
The member names within a JWK Set MUST be unique; recipients MUST The member names within a JWK Set MUST be unique; JWK Set parsers
either reject JWK Sets with duplicate member names or use a JSON MUST either reject JWK Sets with duplicate member names or use a JSON
parser that returns only the lexically last duplicate member name, as parser that returns only the lexically last duplicate member name, as
specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1
[ECMAScript]. [ECMAScript].
Additional members can be present in the JWK Set; if not understood Additional members can be present in the JWK Set; if not understood
by implementations encountering them, they MUST be ignored. by implementations encountering them, they MUST be ignored.
Parameters for representing additional properties of JWK Sets should Parameters for representing additional properties of JWK Sets should
either be registered in the IANA JSON Web Key Set Parameters registry either be registered in the IANA JSON Web Key Set Parameters registry
defined in Section 8.4 or be a value that contains a Collision- defined in Section 8.4 or be a value that contains a Collision-
Resistant Name. Resistant Name.
skipping to change at page 10, line 43 skipping to change at page 10, line 46
(key type) values that are not understood by them, are missing (key type) values that are not understood by them, are missing
required members, or for which values are out of the supported required members, or for which values are out of the supported
ranges. ranges.
5.1. "keys" Parameter 5.1. "keys" Parameter
The value of the "keys" member is an array of JWK values. By The value of the "keys" member is an array of JWK values. By
default, the order of the JWK values within the array does not imply default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if can choose to assign a meaning to the order for their purposes, if
desired. This member MUST be present in a JWK Set. desired.
6. String Comparison Rules 6. String Comparison Rules
The string comparison rules for this specification are the same as The string comparison rules for this specification are the same as
those defined in Section 5.3 of [JWS]. those defined in Section 5.3 of [JWS].
7. Encrypted JWK and Encrypted JWK Set Formats 7. Encrypted JWK and Encrypted JWK Set Formats
Access to JWKs containing non-public key material by parties without Access to JWKs containing non-public key material by parties without
legitimate access to the non-public information MUST be prevented. legitimate access to the non-public information MUST be prevented.
skipping to change at page 12, line 9 skipping to change at page 12, line 12
for access token type: example"). [[ Note to the RFC Editor: The name for access token type: example"). [[ Note to the RFC Editor: The name
of the mailing list should be determined in consultation with the of the mailing list should be determined in consultation with the
IESG and IANA. Suggested name: jose-reg-review. ]] IESG and IANA. Suggested name: jose-reg-review. ]]
Within the review period, the Designated Expert(s) will either Within the review period, the Designated Expert(s) will either
approve or deny the registration request, communicating this decision approve or deny the registration request, communicating this decision
to the review list and IANA. Denials should include an explanation to the review list and IANA. Denials should include an explanation
and, if applicable, suggestions as to how to make the request and, if applicable, suggestions as to how to make the request
successful. Registration requests that are undetermined for a period successful. Registration requests that are undetermined for a period
longer than 21 days can be brought to the IESG's attention (using the longer than 21 days can be brought to the IESG's attention (using the
iesg@iesg.org mailing list) for resolution. iesg@ietf.org mailing list) for resolution.
Criteria that should be applied by the Designated Expert(s) includes Criteria that should be applied by the Designated Expert(s) includes
determining whether the proposed registration duplicates existing determining whether the proposed registration duplicates existing
functionality, determining whether it is likely to be of general functionality, determining whether it is likely to be of general
applicability or whether it is useful only for a single application, applicability or whether it is useful only for a single application,
and whether the registration makes sense. and whether the registration description is clear.
IANA must only accept registry updates from the Designated Expert(s) IANA must only accept registry updates from the Designated Expert(s)
and should direct all requests for registration to the review mailing and should direct all requests for registration to the review mailing
list. list.
It is suggested that multiple Designated Experts be appointed who are It is suggested that multiple Designated Experts be appointed who are
able to represent the perspectives of different applications using able to represent the perspectives of different applications using
this specification, in order to enable broadly-informed review of this specification, in order to enable broadly-informed review of
registration decisions. In cases where a registration decision could registration decisions. In cases where a registration decision could
be perceived as creating a conflict of interest for a particular be perceived as creating a conflict of interest for a particular
Expert, that Expert should defer to the judgment of the other Expert, that Expert should defer to the judgment of the other
Expert(s). Expert(s).
[[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had
requested that the draft supply the following proposed registry
description information. It is to be used for all registries
established by this specification.
o Protocol Category: JSON Object Signing and Encryption (JOSE)
o Registry Location: http://www.iana.org/assignments/jose
o Webpage Title: (same as the protocol category)
o Registry Name: (same as the section title, but excluding the word
"Registry", for example "JSON Web Key Parameters")
]]
8.1. JSON Web Key Parameters Registry 8.1. JSON Web Key Parameters Registry
This specification establishes the IANA JSON Web Key Parameters This specification establishes the IANA JSON Web Key Parameters
registry for JWK parameter names. The registry records the parameter registry for JWK parameter names. The registry records the parameter
name, the key type(s) that the parameter is used with, and a name, the key type(s) that the parameter is used with, and a
reference to the specification that defines it. It also records reference to the specification that defines it. It also records
whether the parameter conveys public or private information. This whether the parameter conveys public or private information. This
specification registers the parameter names defined in Section 4. specification registers the parameter names defined in Section 4.
The same JWK parameter name may be registered multiple times, The same JWK parameter name may be registered multiple times,
provided that duplicate parameter registrations are only for key type provided that duplicate parameter registrations are only for key type
skipping to change at page 18, line 44 skipping to change at page 19, line 18
o Parameter Description: Array of JWK values o Parameter Description: Array of JWK values
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
8.5. Media Type Registration 8.5. Media Type Registration
8.5.1. Registry Contents 8.5.1. Registry Contents
This specification registers the "application/jwk+json" and This specification registers the "application/jwk+json" and
"application/jwk-set+json" Media Types [RFC2046] in the MIME Media "application/jwk-set+json" Media Types [RFC2046] in the MIME Media
Types registry [IANA.MediaTypes], which can be used to indicate, Types registry [IANA.MediaTypes] in the manner described in RFC 6838
respectively, that the content is a JWK or a JWK Set. [RFC6838], which can be used to indicate, respectively, that the
content is a JWK or a JWK Set.
o Type Name: application o Type Name: application
o Subtype Name: jwk+json o Subtype Name: jwk+json
o Required Parameters: n/a o Required Parameters: n/a
o Optional Parameters: n/a o Optional Parameters: n/a
o Encoding considerations: 8bit; application/jwk+json values are o Encoding considerations: 8bit; application/jwk+json values are
represented as JSON object; UTF-8 encoding SHOULD be employed for represented as JSON object; UTF-8 encoding SHOULD be employed for
the JSON object. the JSON object.
o Security Considerations: See the Security Considerations section o Security Considerations: See the Security Considerations section
of [[ this document ]] of [[ this document ]]
o Interoperability Considerations: n/a o Interoperability Considerations: n/a
o Published Specification: [[ this document ]] o Published Specification: [[ this document ]]
o Applications that use this media type: TBD o Applications that use this media type: OpenID Connect, Salesforce,
Google, Android, Windows Azure, W3C WebCrypto API, numerous others
o Fragment identifier considerations: n/a
o Additional Information: Magic number(s): n/a, File extension(s): o Additional Information: Magic number(s): n/a, File extension(s):
n/a, Macintosh file type code(s): n/a n/a, Macintosh file type code(s): n/a
o Person & email address to contact for further information: Michael o Person & email address to contact for further information: Michael
B. Jones, mbj@microsoft.com B. Jones, mbj@microsoft.com
o Intended Usage: COMMON o Intended Usage: COMMON
o Restrictions on Usage: none o Restrictions on Usage: none
o Author: Michael B. Jones, mbj@microsoft.com o Author: Michael B. Jones, mbj@microsoft.com
o Change Controller: IESG o Change Controller: IESG
o Provisional registration? No
o Type Name: application o Type Name: application
o Subtype Name: jwk-set+json o Subtype Name: jwk-set+json
o Required Parameters: n/a o Required Parameters: n/a
o Optional Parameters: n/a o Optional Parameters: n/a
o Encoding considerations: 8bit; application/jwk-set+json values are o Encoding considerations: 8bit; application/jwk-set+json values are
represented as a JSON Object; UTF-8 encoding SHOULD be employed represented as a JSON Object; UTF-8 encoding SHOULD be employed
for the JSON object. for the JSON object.
o Security Considerations: See the Security Considerations section o Security Considerations: See the Security Considerations section
of [[ this document ]] of [[ this document ]]
o Interoperability Considerations: n/a o Interoperability Considerations: n/a
o Published Specification: [[ this document ]] o Published Specification: [[ this document ]]
o Applications that use this media type: TBD o Applications that use this media type: OpenID Connect, Salesforce,
Google, Android, Windows Azure, W3C WebCrypto API, numerous others
o Fragment identifier considerations: n/a
o Additional Information: Magic number(s): n/a, File extension(s): o Additional Information: Magic number(s): n/a, File extension(s):
n/a, Macintosh file type code(s): n/a n/a, Macintosh file type code(s): n/a
o Person & email address to contact for further information: Michael o Person & email address to contact for further information: Michael
B. Jones, mbj@microsoft.com B. Jones, mbj@microsoft.com
o Intended Usage: COMMON o Intended Usage: COMMON
o Restrictions on Usage: none o Restrictions on Usage: none
o Author: Michael B. Jones, mbj@microsoft.com o Author: Michael B. Jones, mbj@microsoft.com
o Change Controller: IESG o Change Controller: IESG
o Provisional registration? No
9. Security Considerations 9. Security Considerations
All of the security issues that are pertinent to any cryptographic All of the security issues that are pertinent to any cryptographic
application must be addressed by JWS/JWE/JWK agents. Among these application must be addressed by JWS/JWE/JWK agents. Among these
issues are protecting the user's asymmetric private and symmetric issues are protecting the user's asymmetric private and symmetric
secret keys and employing countermeasures to various attacks. secret keys and employing countermeasures to various attacks.
9.1. Key Provenance and Trust 9.1. Key Provenance and Trust
skipping to change at page 21, line 31 skipping to change at page 22, line 7
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
September 2014. October 2014.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), draft-ietf-jose-json-web-encryption (work in progress),
September 2014. October 2014.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), September 2014. in progress), October 2014.
[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encryption and Authentication
Procedures", RFC 1421, February 1993.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996. November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
[RFC4945] Korver, B., "The Internet IP Security PKI Profile of
IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
skipping to change at page 23, line 20 skipping to change at page 23, line 42
Standards (PKCS) #1: RSA Cryptography Specifications Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003. Version 2.1", RFC 3447, February 2003.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
Key Container (PSKC)", RFC 6030, October 2010. Key Container (PSKC)", RFC 6030, October 2010.
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", BCP 13,
RFC 6838, January 2013.
[W3C.NOTE-xmldsig-core2-20130411] [W3C.NOTE-xmldsig-core2-20130411]
Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler,
T., Yiu, K., Datta, P., and S. Cantor, "XML Signature T., Yiu, K., Datta, P., and S. Cantor, "XML Signature
Syntax and Processing Version 2.0", World Wide Web Syntax and Processing Version 2.0", World Wide Web
Consortium Note NOTE-xmldsig-core2-20130411, April 2013, Consortium Note NOTE-xmldsig-core2-20130411, April 2013,
<http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>. <http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>.
[WebCrypto] [WebCrypto]
Sleevi, R. and M. Watson, "Web Cryptography API", World Sleevi, R. and M. Watson, "Web Cryptography API", World
Wide Web Consortium Draft, March 2014, Wide Web Consortium Draft, March 2014,
skipping to change at page 36, line 47 skipping to change at page 36, line 47
88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD
IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg
Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication
Tag) gives this value: Tag) gives this value:
0HFmhOzsQ98nNWJjIHkR7A 0HFmhOzsQ98nNWJjIHkR7A
C.9. Complete Representation C.9. Complete Representation
Assemble the final representation: The Compact Serialization of this Assemble the final representation: The JWE Compact Serialization of
result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || this result, as defined in Section 7.1 of [JWE], is the string
BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE
Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.'
Authentication Tag). || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication
Tag).
The final result in this example is: The final result in this example is:
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ. andrK2pzb24ifQ.
TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA.
Ye9j1qs22DmRSAddIh-VnA. Ye9j1qs22DmRSAddIh-VnA.
AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo
wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g
skipping to change at page 38, line 16 skipping to change at page 38, line 16
Thanks to Matt Miller for creating the encrypted key example and to Thanks to Matt Miller for creating the encrypted key example and to
Edmund Jay and Brian Campbell for validating the example. Edmund Jay and Brian Campbell for validating the example.
This specification is the work of the JOSE Working Group, which This specification is the work of the JOSE Working Group, which
includes dozens of active and dedicated participants. In particular, includes dozens of active and dedicated participants. In particular,
the following individuals contributed ideas, feedback, and wording the following individuals contributed ideas, feedback, and wording
that influenced this specification: that influenced this specification:
Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de
Medeiros, Joe Hildebrand, Edmund Jay, Stephen Kent, Ben Laurie, James Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent,
Manger, Matt Miller, Kathleen Moriarty, Chuck Mortimore, Tony Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck
Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat Sakimura, Jim Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla,
Schaad, Ryan Sleevi, Paul Tarjan, Hannes Tschofenig, and Sean Turner. Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan,
Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-34
o Addressed IESG review comments by Pete Resnick, Stephen Farrell,
and Richard Barnes.
o Referenced RFC 4945 for PEM certificate delimiter syntax.
-33 -33
o Addressed secdir review comments by Stephen Kent for which o Addressed secdir review comments by Stephen Kent for which
resolutions had mistakenly been omitted in the previous draft. resolutions had mistakenly been omitted in the previous draft.
o Acknowledged additional contributors. o Acknowledged additional contributors.
-32 -32
o Addressed Gen-ART review comments by Russ Housley. o Addressed Gen-ART review comments by Russ Housley.
 End of changes. 34 change blocks. 
52 lines changed or deleted 90 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/