draft-ietf-jose-json-web-algorithms-32.txt   draft-ietf-jose-json-web-algorithms-33.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track September 23, 2014 Intended status: Standards Track September 25, 2014
Expires: March 27, 2015 Expires: March 29, 2015
JSON Web Algorithms (JWA) JSON Web Algorithms (JWA)
draft-ietf-jose-json-web-algorithms-32 draft-ietf-jose-json-web-algorithms-33
Abstract Abstract
The JSON Web Algorithms (JWA) specification registers cryptographic The JSON Web Algorithms (JWA) specification registers cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK)
specifications. It defines several IANA registries for these specifications. It defines several IANA registries for these
identifiers. identifiers.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 27, 2015. This Internet-Draft will expire on March 29, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 6, line 23 skipping to change at page 6, line 23
"Key Encryption", "Key Management Mode", "Key Wrapping", and "Key Encryption", "Key Management Mode", "Key Wrapping", and
"Plaintext". "Plaintext".
These terms defined by the JSON Web Key (JWK) [JWK] specification are These terms defined by the JSON Web Key (JWK) [JWK] specification are
incorporated into this specification: "JSON Web Key (JWK)" and "JSON incorporated into this specification: "JSON Web Key (JWK)" and "JSON
Web Key Set (JWK Set)". Web Key Set (JWK Set)".
3. Cryptographic Algorithms for Digital Signatures and MACs 3. Cryptographic Algorithms for Digital Signatures and MACs
JWS uses cryptographic algorithms to digitally sign or create a JWS uses cryptographic algorithms to digitally sign or create a
Message Authentication Codes (MAC) of the contents of the JWS Message Authentication Code (MAC) of the contents of the JWS
Protected Header and the JWS Payload. Protected Header and the JWS Payload.
3.1. "alg" (Algorithm) Header Parameter Values for JWS 3.1. "alg" (Algorithm) Header Parameter Values for JWS
The table below is the set of "alg" (algorithm) header parameter The table below is the set of "alg" (algorithm) header parameter
values defined by this specification for use with JWS, each of which values defined by this specification for use with JWS, each of which
is explained in more detail in the following sections: is explained in more detail in the following sections:
+---------------+------------------------------+--------------------+ +---------------+------------------------------+--------------------+
| alg Parameter | Digital Signature or MAC | Implementation | | alg Parameter | Digital Signature or MAC | Implementation |
skipping to change at page 33, line 17 skipping to change at page 33, line 17
The "k" (key value) member contains the value of the symmetric (or The "k" (key value) member contains the value of the symmetric (or
other single-valued) key. It is represented as the base64url other single-valued) key. It is represented as the base64url
encoding of the octet sequence containing the key value. encoding of the octet sequence containing the key value.
7. IANA Considerations 7. IANA Considerations
The following registration procedure is used for all the registries The following registration procedure is used for all the registries
established by this specification. established by this specification.
Values are registered on a Specification Required [RFC5226] basis Values are registered on a Specification Required [RFC5226] basis
after a two-week review period on the [TBD]@ietf.org mailing list, on after a three-week review period on the [TBD]@ietf.org mailing list,
the advice of one or more Designated Experts. However, to allow for on the advice of one or more Designated Experts. However, to allow
the allocation of values prior to publication, the Designated for the allocation of values prior to publication, the Designated
Expert(s) may approve registration once they are satisfied that such Expert(s) may approve registration once they are satisfied that such
a specification will be published. a specification will be published.
Registration requests must be sent to the [TBD]@ietf.org mailing list Registration requests must be sent to the [TBD]@ietf.org mailing list
for review and comment, with an appropriate subject (e.g., "Request for review and comment, with an appropriate subject (e.g., "Request
for access token type: example"). [[ Note to the RFC Editor: The name for access token type: example"). [[ Note to the RFC Editor: The name
of the mailing list should be determined in consultation with the of the mailing list should be determined in consultation with the
IESG and IANA. Suggested name: jose-reg-review. ]] IESG and IANA. Suggested name: jose-reg-review. ]]
Within the review period, the Designated Expert(s) will either Within the review period, the Designated Expert(s) will either
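Review bot: the example subject in the unchanged paragraph that follows the review-period change still reads "Request for access token type: example", but the registries this document establishes are for the cryptographic algorithm identifiers used with JWS, JWE and JWK, not access token types. Since this section is being revised anyway, replace the example with a subject that names something this specification registers, for instance a request to register an algorithm. The "[TBD]@ietf.org" address is covered by the note to the RFC Editor and can stay until the list name is settled.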
skipping to change at page 65, line 14 skipping to change at page 65, line 14
[I-D.miller-jose-jwe-protected-jwk], which the password-based [I-D.miller-jose-jwe-protected-jwk], which the password-based
encryption content of this draft is based upon. encryption content of this draft is based upon.
This specification is the work of the JOSE Working Group, which This specification is the work of the JOSE Working Group, which
includes dozens of active and dedicated participants. In particular, includes dozens of active and dedicated participants. In particular,
the following individuals contributed ideas, feedback, and wording the following individuals contributed ideas, feedback, and wording
that influenced this specification: that influenced this specification:
Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de
Medeiros, Vladimir Dzhuvinov, Yaron Y. Goland, Dick Hardt, Joe Medeiros, Vladimir Dzhuvinov, Roni Even, Yaron Y. Goland, Dick Hardt,
Hildebrand, Jeff Hodges, Edmund Jay, James Manger, Matt Miller, Joe Hildebrand, Jeff Hodges, Edmund Jay, Charlie Kaufman, James
Kathleen Moriarty, Tony Nadalin, Axel Nennker, John Panzer, Emmanuel Manger, Matt Miller, Kathleen Moriarty, Tony Nadalin, Axel Nennker,
Raviart, Eric Rescorla, Nat Sakimura, Jim Schaad, Hannes Tschofenig, John Panzer, Emmanuel Raviart, Eric Rescorla, Nat Sakimura, Jim
and Sean Turner. Schaad, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-33
o Changed the registration review period to three weeks.
o Acknowledged additional contributors.
-32 -32
o Added a note to implementers about libraries that prefix an extra o Added a note to implementers about libraries that prefix an extra
zero-valued octet to RSA modulus representations returned. zero-valued octet to RSA modulus representations returned.
o Addressed secdir review comments by Charlie Kaufman, Scott Kelly, o Addressed secdir review comments by Charlie Kaufman, Scott Kelly,
and Stephen Kent. and Stephen Kent.
o Addressed Gen-ART review comments by Roni Even. o Addressed Gen-ART review comments by Roni Even.
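Review bot: in the acknowledgements list, Roni Even and Charlie Kaufman are added, but the -32 history entry credits secdir review comments to Charlie Kaufman, Scott Kelly, and Stephen Kent, and neither Scott Kelly nor Stephen Kent appears in the revised list. Add them or confirm the omission is intended. The -33 history entry also does not mention the "Message Authentication Codes" to "Message Authentication Code" wording fix in Section 3; add a bullet for it if editorial changes are meant to be logged.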
 End of changes. 7 change blocks. 
13 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/