ietf
[Top] [All Lists]

RE: Secdir review of draft-ietf-jose-json-web-signature-31

2014-09-22 14:21:08
For your point "4) Thumbprint formats" if you or someone else wants to 
define an additional thumbprint format for use in IoT contexts (or any 
other contexts), I encourage you to write an Internet Draft that does 
so, registering the new header parameter defined in the JSON Web 
Signature and Encryption Header Parameters registry.

That can of course be done, but I would have hoped the initial version of the 
specification would also be usable in the IoT context, where the use of raw 
public keys will most likely arise.

If what you want is a thumbprint over a raw key, see the individual submission 
draft https://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-01, which 
defines a method for doing this.  The -01 version incorporates working group 
feedback from Toronto.  In Toronto, I'd asked whether the working group wanted 
to adopt it as a working group draft and a decision hasn't been made on that 
yet.  If this would be useful for IoT applications, that would be good to know.

                                -- Mike