draft-ietf-jose-jwk-thumbprint-01.txt   draft-ietf-jose-jwk-thumbprint-02.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track N. Sakimura Intended status: Standards Track N. Sakimura
Expires: July 26, 2015 NRI Expires: August 23, 2015 NRI
January 22, 2015 February 19, 2015
JSON Web Key (JWK) Thumbprint JSON Web Key (JWK) Thumbprint
draft-ietf-jose-jwk-thumbprint-01 draft-ietf-jose-jwk-thumbprint-02
Abstract Abstract
This specification defines a means of computing a thumbprint value This specification defines a means of computing a thumbprint value
(a.k.a. digest) of JSON Web Key (JWK) objects analogous to the "x5t" (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the "x5t"
(X.509 Certificate SHA-1 Thumbprint) value defined for X.509 (X.509 Certificate SHA-1 Thumbprint) value defined for X.509
certificate objects. This specification also registers the new JSON certificate objects.
Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters
and the new JSON Web Key (JWK) member name "jkt" (JWK SHA-256
Thumbprint) for holding these values.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 26, 2015. This Internet-Draft will expire on August 23, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 17
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3 3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3
3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4 3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4
3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5 3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5
3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6 3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6
3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6 3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6
3.3. Order and Representation of Members in Hash Input . . . . 7 3.3. Order and Representation of Members in Hash Input . . . . 7
3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 7 3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 7
4. "jkt" Member Definitions . . . . . . . . . . . . . . . . . . . 8 4. Practical JSON and Unicode Considerations . . . . . . . . . . 8
4.1. "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
4.2. "jkt" (JWK SHA-256 Thumbprint) JWE Header Parameter . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
4.3. "jkt" (JWK SHA-256 Thumbprint) JWK Parameter . . . . . . . 8 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.4. Possible Future Alternative Thumbprint Computations . . . 8 7.1. Normative References . . . . . . . . . . . . . . . . . . . 9
5. Practical JSON and Unicode Considerations . . . . . . . . . . 8 7.2. Informative References . . . . . . . . . . . . . . . . . . 10
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 10
6.1. JWS and JWE Header Parameter Registration . . . . . . . . 9 Appendix B. Document History . . . . . . . . . . . . . . . . . . 10
6.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
6.2. JSON Web Key Parameters Registration . . . . . . . . . . . 10
6.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1. Normative References . . . . . . . . . . . . . . . . . . . 11
8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 11
Appendix B. Document History . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
This specification defines a means of computing a thumbprint value This specification defines a means of computing a thumbprint value
(a.k.a. digest) of JSON Web Key (JWK) [JWK] objects analogous to the (a.k.a. digest) of JSON Web Key (JWK) [JWK] objects analogous to the
"x5t" (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 "x5t" (X.509 Certificate SHA-1 Thumbprint) value defined for X.509
certificate objects. This specification also registers the new JSON certificate objects. This value can be used for identifying or
Web Signature (JWS) [JWS] and JSON Web Encryption (JWE) [JWE] Header selecting the key that is the subject of the thumbprint, for
Parameters and the new JSON Web Key (JWK) [JWK] member name "jkt" instance, by using the base64url encoded JWK Thumbprint value as a
(JWK SHA-256 Thumbprint) for holding these values. "kid" (key ID) value.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. words for use in RFCs to Indicate Requirement Levels [RFC2119].
2. Terminology 2. Terminology
skipping to change at page 3, line 36 skipping to change at page 3, line 36
(JWE) [JWE], and JSON Web Algorithms (JWA) [JWA] specifications. (JWE) [JWE], and JSON Web Algorithms (JWA) [JWA] specifications.
This term is defined by this specification: This term is defined by this specification:
JWK Thumbprint JWK Thumbprint
The digest value for a key that is the subject of this The digest value for a key that is the subject of this
specification. specification.
3. JSON Web Key (JWK) Thumbprint 3. JSON Web Key (JWK) Thumbprint
This specification defines the thumbprint of a JSON Web Key (JWK) as The thumbprint of a JSON Web Key (JWK) is computed as follows:
being a function of the REQUIRED members of the key's JWK
representation and a hash function. Specifically, for a hash 1. Construct a JSON object [RFC7159] containing only the REQUIRED
function H, this function is the hash with H of the octets of the members of a JWK representing the key and with no white space or
UTF-8 representation of a JSON object [RFC7159] constructed line breaks before or after any syntactic elements and with the
containing only the REQUIRED members of a JWK representing the key REQUIRED members ordered lexicographically by the Unicode
and with no white space or line breaks before or after any syntactic [UNICODE] code points of the member names. (This JSON object is
elements and with the REQUIRED members ordered lexicographically by itself a legal JWK representation of the key.)
the Unicode [UNICODE] code points of the member names. This JSON
object is itself a legal JWK representation of the key. The details 2. Hash the octets of the UTF-8 representation of this JSON object
of this computation are further described in subsequent sections. with a cryptographic hash function H. For example, SHA-256 [SHS]
might be used as H.
The resulting value is the JWK Thumbprint with H of the JWK. The
details of this computation are further described in subsequent
sections.
3.1. Example JWK Thumbprint Computation 3.1. Example JWK Thumbprint Computation
This section demonstrates the JWK Thumbprint computation for the JWK This section demonstrates the JWK Thumbprint computation for the JWK
below (with long lines broken for display purposes only): below (with long lines broken for display purposes only):
{ {
"kty": "RSA", "kty": "RSA",
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt
VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6 VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6
skipping to change at page 5, line 35 skipping to change at page 5, line 38
74, 122, 75, 110, 113, 68, 75, 103, 119, 34, 125] 74, 122, 75, 110, 113, 68, 75, 103, 119, 34, 125]
Using SHA-256 [SHS] as the hash function H, the JWK SHA-256 Using SHA-256 [SHS] as the hash function H, the JWK SHA-256
Thumbprint value is the SHA-256 hash of these octets, specifically: Thumbprint value is the SHA-256 hash of these octets, specifically:
[55, 54, 203, 177, 120, 124, 184, 48, 156, 119, 238, 140, 55, 5, 197, [55, 54, 203, 177, 120, 124, 184, 48, 156, 119, 238, 140, 55, 5, 197,
225, 111, 251, 158, 133, 151, 21, 144, 31, 30, 76, 89, 177, 17, 130, 225, 111, 251, 158, 133, 151, 21, 144, 31, 30, 76, 89, 177, 17, 130,
245, 123] 245, 123]
The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value
(which would be used in the "jkt" members registered below) is: (which might, for instance, be used as a "kid" (key ID) value) is:
NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
3.2. JWK Members Used in the Thumbprint Computation 3.2. JWK Members Used in the Thumbprint Computation
Only the REQUIRED members of a key's representation are used when Only the REQUIRED members of a key's representation are used when
computing its JWK Thumbprint value. As defined in JSON Web Key (JWK) computing its JWK Thumbprint value. As defined in JSON Web Key (JWK)
[JWK] and JSON Web Algorithms (JWA) [JWA], the REQUIRED members of an [JWK] and JSON Web Algorithms (JWA) [JWA], the REQUIRED members of an
elliptic curve public key for the curves specified in Section 6.2.1.1 elliptic curve public key for the curves specified in Section 6.2.1.1
of [JWK], in lexicographic order, are: of [JWK], in lexicographic order, are:
skipping to change at page 7, line 42 skipping to change at page 7, line 44
are integers, they MUST be represented as a JSON number as defined in are integers, they MUST be represented as a JSON number as defined in
Section 6 of [RFC7159] without including a fraction part or exponent Section 6 of [RFC7159] without including a fraction part or exponent
part. For instance, the value "1.024e3" MUST be represented as part. For instance, the value "1.024e3" MUST be represented as
"1024". This means that thumbprints of JWKs that use numbers that "1024". This means that thumbprints of JWKs that use numbers that
are not integers are not defined by this specification. Also, as are not integers are not defined by this specification. Also, as
noted in The I-JSON Message Format [I-D.ietf-json-i-json], noted in The I-JSON Message Format [I-D.ietf-json-i-json],
implementations cannot expect an integer whose absolute value is implementations cannot expect an integer whose absolute value is
greater than 9007199254740991 (i.e., that is outside the range greater than 9007199254740991 (i.e., that is outside the range
[-(2**53)+1, (2**53)-1]) to be treated as an exact value. [-(2**53)+1, (2**53)-1]) to be treated as an exact value.
See Section 5 for a discussion of further practical considerations See Section 4 for a discussion of further practical considerations
pertaining to the representation of the hash input. pertaining to the representation of the hash input.
3.4. JWK Thumbprints of Keys Not in JWK Format 3.4. JWK Thumbprints of Keys Not in JWK Format
Note that a key need not be in JWK format to create a JWK Thumbprint Note that a key need not be in JWK format to create a JWK Thumbprint
of it. The only prerequisites are that the JWK representation of the of it. The only prerequisites are that the JWK representation of the
key be defined and the party creating the JWK Thumbprint is in key be defined and the party creating the JWK Thumbprint is in
possession of the necessary key material. These are sufficient to possession of the necessary key material. These are sufficient to
create the hash input from the JWK representation of the key, as create the hash input from the JWK representation of the key, as
described in Section 3.3. described in Section 3.3.
4. "jkt" Member Definitions 4. Practical JSON and Unicode Considerations
This section defines "jkt" (JWK SHA-256 Thumbprint) members used for
holding base64url encoded JWK Thumbprint values in JWK, JWS, and JWE
objects.
4.1. "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter
The "jkt" (JWK SHA-256 Thumbprint) JWS Header Parameter is a
base64url encoded JWK Thumbprint (a.k.a. digest) of the public key
that corresponds to the key used to digitally sign the JWS. Use of
this JWS Header Parameter is OPTIONAL.
4.2. "jkt" (JWK SHA-256 Thumbprint) JWE Header Parameter
This parameter has the same meaning, syntax, and processing rules as
the "jkt" JWS Header Parameter defined in Section 4.1, except that
the JWK Thumbprint references the public key to which the JWE was
encrypted; this can be used to determine the private key needed to
decrypt the JWE.
4.3. "jkt" (JWK SHA-256 Thumbprint) JWK Parameter
The "jkt" (JWK SHA-256 Thumbprint) JWK parameter is a base64url
encoded JWK Thumbprint (a.k.a. digest) of the JWK. If present, the
JWK Thumbprint value represented MUST have been computed from the
other members of the JWK as described in Section 3. Use of this
member is OPTIONAL.
4.4. Possible Future Alternative Thumbprint Computations
If, in the future, JWK Thumbprints need to be computed using hash
functions other than SHA-256, it is suggested that additional related
JWK, JWS, and JWE parameters be defined for that purpose. For
example, it is suggested that a new "jkt#S3-256" (JWK SHA-3-256
Thumbprint) JWK parameter could be defined by registering it in the
IANA JSON Web Key Parameters registry and the IANA JSON Web Signature
and Encryption Header Parameters registry.
5. Practical JSON and Unicode Considerations
Implementations will almost certainly use functionality provided by Implementations will almost certainly use functionality provided by
the platform's JSON support, such as the JavaScript JSON.parse() the platform's JSON support, such as the JavaScript JSON.parse()
JSON.stringify() functions, when parsing the JWK and emitting the JSON.stringify() functions, when parsing the JWK and emitting the
JSON object used as the hash input. As a practical consideration, JSON object used as the hash input. As a practical consideration,
future JWK member names should be avoided for which different future JWK member names should be avoided for which different
platforms or libraries might emit different representations. As of platforms or libraries might emit different representations. As of
the time of this writing, currently all defined JWK member names use the time of this writing, currently all defined JWK member names use
only printable ASCII characters, which should not exhibit this only printable ASCII characters, which should not exhibit this
problem. Note however, that JSON.stringify() cannot be counted on to problem. Note however, that JSON.stringify() cannot be counted on to
skipping to change at page 9, line 23 skipping to change at page 8, line 32
In particular, while the operation of lexicographically ordering In particular, while the operation of lexicographically ordering
member names by their Unicode code points is well defined, different member names by their Unicode code points is well defined, different
platform sort functions may produce different results for non-ASCII platform sort functions may produce different results for non-ASCII
characters, in ways that may not be obvious to developers. If characters, in ways that may not be obvious to developers. If
writers of future specifications defining new JWK Key Type values writers of future specifications defining new JWK Key Type values
choose to restrict themselves to ASCII member names (which are for choose to restrict themselves to ASCII member names (which are for
machine and not human consumption anyway), some future machine and not human consumption anyway), some future
interoperability problems might be avoided. interoperability problems might be avoided.
Use of escaped characters in the input JWK representation should be Use of escaped characters in the input JWK representation SHOULD be
avoided. avoided.
While there is a natural representation to use for numeric values While there is a natural representation to use for numeric values
that are integers, this specification doesn't attempt to define a that are integers, this specification doesn't attempt to define a
standard representation for numbers that are not integers or that standard representation for numbers that are not integers or that
contain an exponent component. This is not expected to be a problem contain an exponent component. This is not expected to be a problem
in practice, as the REQUIRED members of JWK representations are not in practice, as the REQUIRED members of JWK representations are not
expected to use numbers that are not integers. expected to use numbers that are not integers.
Use of number representations containing fraction or exponent parts Use of number representations containing fraction or exponent parts
in the input JWK representation should be avoided. in the input JWK representation SHOULD be avoided.
All of these practical considerations are really an instance of Jon All of these practical considerations are really an instance of Jon
Postel's principle: "Be liberal in what you accept, and conservative Postel's principle: "Be liberal in what you accept, and conservative
in what you send." in what you send."
6. IANA Considerations 5. IANA Considerations
6.1. JWS and JWE Header Parameter Registration
This specification registers the "jkt" Header Parameters defined in
Sections 4.1 and 4.2 in the IANA JSON Web Signature and Encryption
Header Parameters registry defined in [JWS].
6.1.1. Registry Contents
o Header Parameter Name: "jkt"
o Header Parameter Description: JWS JWK Thumbprint
o Header Parameter Usage Location(s): JWS
o Change Controller: IETF
o Specification Document(s): Section 4.1 of [[ this document ]]
o Header Parameter Name: "jkt"
o Header Parameter Description: JWE JWK Thumbprint
o Header Parameter Usage Location(s): JWE
o Change Controller: IETF
o Specification Document(s): Section 4.2 of [[ this document ]]
6.2. JSON Web Key Parameters Registration
This specification registers the "jkt" JWK member defined in
Section 4.3 in the IANA JSON Web Key Parameters registry defined in
[JWK].
6.2.1. Registry Contents
o Parameter Name: "jkt" This specification makes no requests of IANA.
o Parameter Description: JWK Thumbprint
o Used with "kty" Value(s): *
o Parameter Information Class: Public
o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]]
7. Security Considerations 6. Security Considerations
The JSON Security Considerations and Unicode Comparison Security The JSON Security Considerations and Unicode Comparison Security
Considerations described in Sections 10.2 and 10.3 of JSON Web Considerations described in Sections 10.2 and 10.3 of JSON Web
Signature (JWS) [JWS] also apply to this specification. Signature (JWS) [JWS] also apply to this specification.
Also, as described in Section 5, some implementations may produce Also, as described in Section 4, some implementations may produce
incorrect results if esoteric or escaped characters are used in the incorrect results if esoteric or escaped characters are used in the
member names. The security implications of this appear to be limited member names. The security implications of this appear to be limited
for JWK Thumbprints of public keys, since while it may result in for JWK Thumbprints of public keys, since while it may result in
implementations failing to identify the intended key, it should not implementations failing to identify the intended key, it should not
leak information, since the information in a public key is already leak information, since the information in a public key is already
public in nature, by definition. public in nature, by definition.
A hash of a symmetric key has the potential to leak information about A hash of a symmetric key has the potential to leak information about
the key value. Thus, the JWK Thumbprint of a symmetric key should be the key value. Thus, the JWK Thumbprint of a symmetric key should be
typically be concealed from parties not in possession of the typically be concealed from parties not in possession of the
symmetric key, unless in the application context, the cryptographic symmetric key, unless in the application context, the cryptographic
hash used, such as SHA-256, is known to provide sufficient protection hash used, such as SHA-256, is known to provide sufficient protection
against disclosure of the key value. against disclosure of the key value.
8. References A JWK Thumbprint will only uniquely identify a particular key if a
single unambiguous JWK representation for that key is defined and
used when computing the JWK Thumbprint. (Such representations are
defined for all the key types defined in JSON Web Algorithms (JWA)
[JWA].) For example, if an RSA key were to use "e":"AAEAAQ"
(representing [0, 1, 0, 1]) rather than the specified correct
representation of "e":"AQAB" (representing [1, 0, 1]), a different
thumbprint value would be produced for what could be effectively the
same key, at least for implementations that are lax in validating the
JWK values that they accept. Thus, JWK Thumbprint values can only be
relied upon to be unique for a given key if the implementation also
validates that the correct representation of the key is used.
8.1. Normative References 7. References
7.1. Normative References
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
January 2015. January 2015.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), draft-ietf-jose-json-web-encryption (work in progress),
January 2015. January 2015.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)",
skipping to change at page 11, line 39 skipping to change at page 10, line 29
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[SHS] National Institute of Standards and Technology, "Secure [SHS] National Institute of Standards and Technology, "Secure
Hash Standard (SHS)", FIPS PUB 180-4, March 2012. Hash Standard (SHS)", FIPS PUB 180-4, March 2012.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, [UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-,
<http://www.unicode.org/versions/latest/>. <http://www.unicode.org/versions/latest/>.
8.2. Informative References 7.2. Informative References
[I-D.ietf-json-i-json] [I-D.ietf-json-i-json]
Bray, T., "The I-JSON Message Format", Bray, T., "The I-JSON Message Format",
draft-ietf-json-i-json-05 (work in progress), draft-ietf-json-i-json-06 (work in progress),
December 2014. January 2015.
Appendix A. Acknowledgements Appendix A. Acknowledgements
James Manger and John Bradley participated in discussions that led to James Manger and John Bradley participated in discussions that led to
the creation of this specification. Jim Schaad also contributed to the creation of this specification. Jim Schaad also contributed to
this specification. this specification.
Appendix B. Document History Appendix B. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
-02
o No longer register the new JSON Web Signature (JWS) and JSON Web
Encryption (JWE) Header Parameters and the new JSON Web Key (JWK)
member name "jkt" (JWK SHA-256 Thumbprint) for holding these
values.
o Added security considerations about the measures needed to ensure
that a unique JWK Thumbprint value is produced for a key.
o Added text saying that the base64url encoded JWK Thumbprint value
could be used as a "kid" (key ID) value.
o Broke a sentence up that used to be way too long.
-01 -01
o Addressed issues pointed out by Jim Schaad, including defining the o Addressed issues pointed out by Jim Schaad, including defining the
JWK Thumbprint computation in a manner that allows different hash JWK Thumbprint computation in a manner that allows different hash
functions to be used over time. functions to be used over time.
o Added Nat Sakimura as an editor. o Added Nat Sakimura as an editor.
-00 -00
 End of changes. 21 change blocks. 
127 lines changed or deleted 76 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/