draft-ietf-jose-jwk-thumbprint-04.txt   draft-ietf-jose-jwk-thumbprint-05.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track N. Sakimura Intended status: Standards Track N. Sakimura
Expires: September 4, 2015 NRI Expires: November 28, 2015 NRI
March 3, 2015 May 27, 2015
JSON Web Key (JWK) Thumbprint JSON Web Key (JWK) Thumbprint
draft-ietf-jose-jwk-thumbprint-04 draft-ietf-jose-jwk-thumbprint-05
Abstract Abstract
This specification defines a means of computing a thumbprint value This specification defines a method for computing a hash value over a
(a.k.a. digest) of a key represented as a JSON Web Key (JWK). This JSON Web Key (JWK). It defines which fields in a JWK are used in the
value can be used for identifying or selecting the key that is the hash computation, the method of creating a canonical form for those
fields, and how to convert the resulting Unicode string into a byte
sequence to be hashed. The resulting hash value can be used for
identifying or selecting the key represented by the JWK that is the
subject of the thumbprint. subject of the thumbprint.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 4, 2015. This Internet-Draft will expire on November 28, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 16 skipping to change at page 2, line 19
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3 3. JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . . 3
3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4 3.1. Example JWK Thumbprint Computation . . . . . . . . . . . . 4
3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5 3.2. JWK Members Used in the Thumbprint Computation . . . . . . 5
3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6 3.2.1. JWK Thumbprint of a Private Key . . . . . . . . . . . 6
3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6 3.2.2. Why Not Include Optional Members? . . . . . . . . . . 6
3.3. Order and Representation of Members in Hash Input . . . . 7 3.3. Order and Representation of Members in Hash Input . . . . 7
3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 7 3.4. JWK Thumbprints of Keys Not in JWK Format . . . . . . . . 8
4. Practical JSON and Unicode Considerations . . . . . . . . . . 8 4. Practical JSON and Unicode Considerations . . . . . . . . . . 8
5. Relationship to Digests of X.509 Values . . . . . . . . . . . 9 5. Relationship to Digests of X.509 Values . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
8.1. Normative References . . . . . . . . . . . . . . . . . . . 10 8.1. Normative References . . . . . . . . . . . . . . . . . . . 10
8.2. Informative References . . . . . . . . . . . . . . . . . . 11 8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 11 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 11
Appendix B. Document History . . . . . . . . . . . . . . . . . . 11 Appendix B. Document History . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
This specification defines a means of computing a thumbprint value This specification defines a method for computing a hash value
(a.k.a. digest) of a key represented as a JSON Web Key (JWK). This (a.k.a. digest) over a JSON Web Key (JWK) [JWK]. It defines which
value can be used for identifying or selecting the key that is the fields in a JWK are used in the hash computation, the method of
subject of the thumbprint, for instance, by using the base64url creating a canonical form for those fields, and how to convert the
encoded JWK Thumbprint value as a "kid" (key ID) value. resulting Unicode string into a byte sequence to be hashed. The
resulting hash value can be used for identifying or selecting the key
represented by the JWK that is the subject of the thumbprint, for
instance, by using the base64url-encoded JWK Thumbprint value as a
"kid" (key ID) value.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in
words for use in RFCs to Indicate Requirement Levels [RFC2119]. "Key words for use in RFCs to Indicate Requirement Levels" [RFC2119].
The interpretation should only be applied when the terms appear in
all capital letters.
2. Terminology 2. Terminology
This specification uses the same terminology as the JSON Web Key This specification uses the same terminology as the "JSON Web Key
(JWK) [JWK], JSON Web Signature (JWS) [JWS], and JSON Web Algorithms (JWK)" [JWK], "JSON Web Signature (JWS)" [JWS], and "JSON Web
(JWA) [JWA] specifications. Algorithms (JWA)" [JWA] specifications.
This term is defined by this specification: This term is defined by this specification:
JWK Thumbprint JWK Thumbprint
The digest value for a key that is the subject of this The digest value for a JWK.
specification.
3. JSON Web Key (JWK) Thumbprint 3. JSON Web Key (JWK) Thumbprint
The thumbprint of a JSON Web Key (JWK) is computed as follows: The thumbprint of a JSON Web Key (JWK) is computed as follows:
1. Construct a JSON object [RFC7159] containing only the required 1. Construct a JSON object [RFC7159] containing only the required
members of a JWK representing the key and with no white space or members of a JWK representing the key and with no whitespace or
line breaks before or after any syntactic elements and with the line breaks before or after any syntactic elements and with the
required members ordered lexicographically by the Unicode required members ordered lexicographically by the Unicode
[UNICODE] code points of the member names. (This JSON object is [UNICODE] code points of the member names. (This JSON object is
itself a legal JWK representation of the key.) itself a legal JWK representation of the key.)
2. Hash the octets of the UTF-8 representation of this JSON object 2. Hash the octets of the UTF-8 representation of this JSON object
with a cryptographic hash function H. For example, SHA-256 [SHS] with a cryptographic hash function H. For example, SHA-256 [SHS]
might be used as H. might be used as H.
The resulting value is the JWK Thumbprint with H of the JWK. The The resulting value is the JWK Thumbprint with H of the JWK. The
skipping to change at page 4, line 23 skipping to change at page 4, line 27
VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6 VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6
4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD 4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD
W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9 W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9
1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH 1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH
aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e": "AQAB", "e": "AQAB",
"alg": "RS256", "alg": "RS256",
"kid": "2011-04-29" "kid": "2011-04-29"
} }
As defined in JSON Web Key (JWK) [JWK] and JSON Web Algorithms (JWA) As defined in "JSON Web Key (JWK)" [JWK] and "JSON Web Algorithms
[JWA], the required members of an RSA public key are: (JWA)" [JWA], the required members for an RSA public key are:
o "kty" o "kty"
o "n" o "n"
o "e" o "e"
Therefore, these are the members used in the thumbprint computation. Therefore, these are the members used in the thumbprint computation.
Their lexicographic order (see more about this in Section 3.3) is: Their lexicographic order, per Section 3.3, is:
o "e" o "e"
o "kty" o "kty"
o "n" o "n"
Therefore the JSON object constructed as an intermediate step in the Therefore the JSON object constructed as an intermediate step in the
computation is as follows (with long lines broken for display computation is as follows (with long lines broken for display
purposes only): purposes only):
{"e":"AQAB","kty":"RSA","n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2 {"e":"AQAB","kty":"RSA","n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2
skipping to change at page 5, line 42 skipping to change at page 5, line 47
245, 123] 245, 123]
The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value The base64url encoding [JWS] of this JWK SHA-256 Thumbprint value
(which might, for instance, be used as a "kid" (key ID) value) is: (which might, for instance, be used as a "kid" (key ID) value) is:
NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
3.2. JWK Members Used in the Thumbprint Computation 3.2. JWK Members Used in the Thumbprint Computation
Only the required members of a key's representation are used when Only the required members of a key's representation are used when
computing its JWK Thumbprint value. As defined in JSON Web Key (JWK) computing its JWK Thumbprint value. As defined in "JSON Web Key
[JWK] and JSON Web Algorithms (JWA) [JWA], the required members of an (JWK)" [JWK] and "JSON Web Algorithms (JWA)" [JWA], the required
elliptic curve public key for the curves specified in Section 6.2.1.1 members for an elliptic curve public key for the curves specified in
of [JWK], in lexicographic order, are: Section 6.2.1.1 of [JWK], in lexicographic order, are:
o "crv" o "crv"
o "kty" o "kty"
o "x" o "x"
o "y" o "y"
the required members of an RSA public key, in lexicographic order, the required members for an RSA public key, in lexicographic order,
are: are:
o "e" o "e"
o "kty" o "kty"
o "n" o "n"
and the required members of a symmetric key, in lexicographic order, and the required members for a symmetric key, in lexicographic order,
are: are:
o "k" o "k"
o "kty" o "kty"
As other key type values are defined, the specifications defining As other "kty" (key type) values are defined, the specifications
them should be similarly consulted to determine which members, in defining them should be similarly consulted to determine which
addition to "kty", are required. members, in addition to "kty", are required.
3.2.1. JWK Thumbprint of a Private Key 3.2.1. JWK Thumbprint of a Private Key
The JWK Thumbprint of a private key is computed as the JWK Thumbprint The JWK Thumbprint of a JWK representing a private key is computed as
of the corresponding public key. This has the intentional benefit the JWK Thumbprint of a JWK representing the corresponding public
that the same JWK Thumbprint value can be computed both by parties key. This has the intentional benefit that the same JWK Thumbprint
using either the public or private key. The JWK Thumbprint can then value can be computed both by parties using either the public or
be used to refer to both keys of the key pair. Application context private key. The JWK Thumbprint can then be used to refer to both
can be used to determine whether the public or the private key is the keys of the key pair. Application context can be used to determine
one being referred to by the JWK Thumbprint. whether the public or the private key is the one being referred to by
the JWK Thumbprint.
This specification defines the method of computing JWK Thumbprints of This specification defines the method of computing JWK Thumbprints of
private keys for interoperability reasons -- so that different JWKs representing private keys for interoperability reasons -- so
implementations computing JWK Thumbprints of private keys will that different implementations computing JWK Thumbprints of private
produce the same result. keys will produce the same result.
3.2.2. Why Not Include Optional Members? 3.2.2. Why Not Include Optional Members?
Optional members of JWKs are intentionally not included in the JWK Optional members of JWKs are intentionally not included in the JWK
Thumbprint computation so that their absence or presence in the JWK Thumbprint computation so that their absence or presence in the JWK
does not alter the resulting value. The JWK Thumbprint value is a does not alter the resulting value. The JWK Thumbprint value is a
digest of the key value itself -- not of additional data that may digest of the members required to represent the key as a JWK -- not
also accompany the key. of additional data that may also accompany the key.
Optional members are not included so that the JWK Thumbprint refers Optional members are not included so that the JWK Thumbprint refers
to a key -- not a key with an associated set of key attributes. This to a key -- not a key with an associated set of key attributes. This
has the benefit that while in different application contexts has the benefit that while in different application contexts
different subsets of attributes about the key might or might not be different subsets of attributes about the key might or might not be
included in the JWK, the JWK Thumbprint of the key remains the same included in the JWK, the JWK Thumbprint of any JWK representing the
regardless of which optional attributes are present. Different kinds key remains the same regardless of which optional attributes are
of thumbprints could be defined by other specifications that might present. Different kinds of thumbprints could be defined by other
include some or all additional JWK members, should use cases arise specifications that might include some or all additional JWK members,
where such different kinds of thumbprints would be useful. See should use cases arise where such different kinds of thumbprints
Section 9.1 of [JWK] for notes on some ways to cryptographically bind would be useful. See Section 9.1 of [JWK] for notes on some ways to
attributes to a key. cryptographically bind attributes to a key.
3.3. Order and Representation of Members in Hash Input 3.3. Order and Representation of Members in Hash Input
The required members in the input to the hash function are ordered The required members in the input to the hash function are ordered
lexicographically by the Unicode code points of the member names. lexicographically by the Unicode code points of the member names.
Characters in member names and member values MUST be represented Characters in member names and member values MUST be represented
without being escaped. This means that thumbprints of JWKs that without being escaped. This means that thumbprints of JWKs that
require such characters are not defined by this specification. (This require such characters are not defined by this specification. (This
is not expected to limit the applicability of this specification, in is not expected to limit the applicability of this specification, in
practice, as the members of JWK representations are not expected to practice, as the members of JWK representations are not expected to
use any of these characters.) The characters specified as requiring use any of these characters.) The characters specified as requiring
escaping by Section 7 of [RFC7159] are quotation mark, reverse escaping by Section 7 of [RFC7159] are quotation mark, reverse
solidus (a.k.a. backslash), and the control characters U+0000 through solidus (a.k.a. backslash), and the control characters U+0000 through
U+001F. U+001F.
If the JWK key type uses members whose values are themselves JSON If the JWK key type uses members whose values are themselves JSON
objects (as of the time of this writing, none are defined that do), objects, the members of those objects MUST likewise be
the members of those objects MUST likewise be lexicographically lexicographically ordered. (As of the time of this writing, none are
ordered. defined that do.)
If the JWK key type uses members whose values are JSON numbers (as of If the JWK key type uses members whose values are JSON numbers, if
the time of this writing, none are defined that do), if the numbers the numbers are integers, they MUST be represented as a JSON number
are integers, they MUST be represented as a JSON number as defined in as defined in Section 6 of [RFC7159] without including a fraction
Section 6 of [RFC7159] without including a fraction part or exponent part or exponent part. For instance, the value "1.024e3" MUST be
part. For instance, the value "1.024e3" MUST be represented as represented as "1024". This means that thumbprints of JWKs that use
"1024". This means that thumbprints of JWKs that use numbers that numbers that are not integers are not defined by this specification.
are not integers are not defined by this specification. Also, as Also, as noted in "The I-JSON Message Format" [RFC7493],
noted in The I-JSON Message Format [I-D.ietf-json-i-json],
implementations cannot expect an integer whose absolute value is implementations cannot expect an integer whose absolute value is
greater than 9007199254740991 (i.e., that is outside the range greater than 9007199254740991 (i.e., that is outside the range
[-(2**53)+1, (2**53)-1]) to be treated as an exact value. [-(2**53)+1, (2**53)-1]) to be treated as an exact value. (As of the
time of this writing, none are defined that use JSON numbers.)
See Section 4 for a discussion of further practical considerations See Section 4 for a discussion of further practical considerations
pertaining to the representation of the hash input. pertaining to the representation of the hash input.
3.4. JWK Thumbprints of Keys Not in JWK Format 3.4. JWK Thumbprints of Keys Not in JWK Format
Note that a key need not be in JWK format to create a JWK Thumbprint Note that a key need not be in JWK format to create a JWK Thumbprint
of it. The only prerequisites are that the JWK representation of the of it. The only prerequisites are that the JWK representation of the
key be defined and the party creating the JWK Thumbprint is in key be defined and the party creating the JWK Thumbprint is in
possession of the necessary key material. These are sufficient to possession of the necessary key material. These are sufficient to
skipping to change at page 8, line 24 skipping to change at page 8, line 32
only printable ASCII characters, which should not exhibit this only printable ASCII characters, which should not exhibit this
problem. Note however, that JSON.stringify() cannot be counted on to problem. Note however, that JSON.stringify() cannot be counted on to
lexicographically sort the members of JSON objects, so while it may lexicographically sort the members of JSON objects, so while it may
be able to be used to emit some kinds of member values, different be able to be used to emit some kinds of member values, different
code is likely to be needed to perform the sorting. code is likely to be needed to perform the sorting.
In particular, while the operation of lexicographically ordering In particular, while the operation of lexicographically ordering
member names by their Unicode code points is well defined, different member names by their Unicode code points is well defined, different
platform sort functions may produce different results for non-ASCII platform sort functions may produce different results for non-ASCII
characters, in ways that may not be obvious to developers. If characters, in ways that may not be obvious to developers. If
writers of future specifications defining new JWK Key Type values writers of future specifications defining new JWK key type values
choose to restrict themselves to ASCII member names (which are for choose to restrict themselves to ASCII member names (which are for
machine and not human consumption anyway), some future machine and not human consumption anyway), some future
interoperability problems might be avoided. interoperability problems might be avoided.
However, if new JWK members are defined that use non-ASCII member However, if new JWK members are defined that use non-ASCII member
names, their definitions should specify the exact Unicode code point names, their definitions should specify the exact Unicode code point
sequences used to represent them, particularly in cases in which sequences used to represent them. This is particularly important in
Unicode normalization could result in the transformation of one set cases in which Unicode normalization could result in the
of code points into another under any circumstances. transformation of one set of code points into another under any
circumstances.
Use of escaped characters in JWKs for which JWK Thumbprints will be Use of escaped characters in JWKs for which JWK Thumbprints will be
computed should be avoided. (Use of escaped characters in the hash computed should be avoided. Use of escaped characters in the hash
input JWKs derived from these original JWKs is prohibited.) input JWKs derived from these original JWKs is prohibited.
While there is a natural representation to use for numeric values There is a natural representation to use for numeric values that are
that are integers, this specification does not attempt to define a integers. However, this specification does not attempt to define a
standard representation for numbers that are not integers or that standard representation for numbers that are not integers or that
contain an exponent component. This is not expected to be a problem contain an exponent component. This is not expected to be a problem
in practice, as the required members of JWK representations are not in practice, as the required members of JWK representations are
expected to use numbers that are not integers. expected to use only numbers that are integers.
Use of number representations containing fraction or exponent parts Use of number representations containing fraction or exponent parts
in JWKs for which JWK Thumbprints will be computed should be avoided. in JWKs for which JWK Thumbprints will be computed should be avoided.
All of these practical considerations are really an instance of Jon All of these practical considerations are really an instance of Jon
Postel's principle: "Be liberal in what you accept, and conservative Postel's principle: "Be liberal in what you accept, and conservative
in what you send." in what you send."
5. Relationship to Digests of X.509 Values 5. Relationship to Digests of X.509 Values
JWK Thumbprint values are computed on the members required to JWK Thumbprint values are computed on the JWK members required to
represent a key, rather than all members of a JWK that the key is represent a key, rather than all members of a JWK that the key is
represented in. Thus, they are more analogous to applications that represented in. Thus, they are more analogous to applications that
use digests of X.509 Subject Public Key Info (SPKI) values, which are use digests of X.509 Subject Public Key Info (SPKI) values, which are
defined in Section 4.1.2.7 of [RFC5280], than to applications that defined in Section 4.1.2.7 of [RFC5280], than to applications that
use digests of complete certificate values, as the "x5t" (X.509 use digests of complete certificate values, as the "x5t" (X.509
Certificate SHA-1 Thumbprint) [JWS] value defined for X.509 certificate SHA-1 thumbprint) [JWS] value defined for X.509
certificate objects does. While logically equivalent to a digest of certificate objects does. While logically equivalent to a digest of
the SPKI representation of the key, a JWK Thumbprint is computed over the SPKI representation of the key, a JWK Thumbprint is computed over
a JSON representation of that key, rather than over an ASN.1 a JSON representation of that key, rather than over an ASN.1
representation of it. representation of it.
6. IANA Considerations 6. IANA Considerations
This specification makes no requests of IANA. This specification makes no requests of IANA.
7. Security Considerations 7. Security Considerations
The JSON Security Considerations and Unicode Comparison Security The JSON Security Considerations and Unicode Comparison Security
Considerations described in Sections 10.2 and 10.3 of JSON Web Considerations described in Sections 10.2 and 10.3 of "JSON Web
Signature (JWS) [JWS] also apply to this specification. Signature (JWS)" [JWS] also apply to this specification.
Also, as described in Section 4, some implementations may produce Also, as described in Section 4, some implementations may produce
incorrect results if esoteric or escaped characters are used in the incorrect results if esoteric or escaped characters are used in the
member names. The security implications of this appear to be limited member names. The security implications of this appear to be limited
for JWK Thumbprints of public keys, since while it may result in for JWK Thumbprints of public keys, since while it may result in
implementations failing to identify the intended key, it should not implementations failing to identify the intended key, it should not
leak information, since the information in a public key is already leak information, since the information in a public key is already
public in nature, by definition. public in nature, by definition.
A hash of a symmetric key has the potential to leak information about A hash of a symmetric key has the potential to leak information about
the key value. Thus, the JWK Thumbprint of a symmetric key should be the key value. Thus, the JWK Thumbprint of a symmetric key should be
typically be concealed from parties not in possession of the typically be concealed from parties not in possession of the
symmetric key, unless in the application context, the cryptographic symmetric key, unless in the application context, the cryptographic
hash used, such as SHA-256, is known to provide sufficient protection hash used, such as SHA-256, is known to provide sufficient protection
against disclosure of the key value. against disclosure of the key value.
A JWK Thumbprint will only uniquely identify a particular key if a A JWK Thumbprint will only uniquely identify a particular key if a
single unambiguous JWK representation for that key is defined and single unambiguous JWK representation for that key is defined and
used when computing the JWK Thumbprint. (Such representations are used when computing the JWK Thumbprint. (Such representations are
defined for all the key types defined in JSON Web Algorithms (JWA) defined for all the key types defined in "JSON Web Algorithms (JWA)"
[JWA].) For example, if an RSA key were to use "e":"AAEAAQ" [JWA].) For example, if an RSA key were to use "e":"AAEAAQ"
(representing [0, 1, 0, 1]) rather than the specified correct (representing [0, 1, 0, 1]) rather than the specified correct
representation of "e":"AQAB" (representing [1, 0, 1]), a different representation of "e":"AQAB" (representing [1, 0, 1]), a different
thumbprint value would be produced for what could be effectively the thumbprint value would be produced for what could be effectively the
same key, at least for implementations that are lax in validating the same key, at least for implementations that are lax in validating the
JWK values that they accept. Thus, JWK Thumbprint values can only be JWK values that they accept. Thus, JWK Thumbprint values can only be
relied upon to be unique for a given key if the implementation also relied upon to be unique for a given key if the implementation also
validates that the correct representation of the key is used. validates that the correct representation of the key is used.
Even more insidious is that an attacker may supply a key that is a Even more insidious is that an attacker may supply a key that is a
skipping to change at page 10, line 28 skipping to change at page 10, line 35
key would still work about 1/3 of the time, but would appear to be a key would still work about 1/3 of the time, but would appear to be a
different key. Thus, while thumbprint values are valuable for different key. Thus, while thumbprint values are valuable for
identifying legitimate keys, comparing thumbprint values is not a identifying legitimate keys, comparing thumbprint values is not a
reliable means of excluding (blacklisting) the use of particular keys reliable means of excluding (blacklisting) the use of particular keys
(or transformations thereof). (or transformations thereof).
8. References 8. References
8.1. Normative References 8.1. Normative References
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518,
draft-ietf-jose-json-web-algorithms (work in progress), May 2015, <http://www.rfc-editor.org/info/rfc7518>.
January 2015.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)", RFC 7517, May 2015,
draft-ietf-jose-json-web-key (work in progress), <http://www.rfc-editor.org/info/rfc7517>.
January 2015.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", RFC 7515, May 2015,
in progress), January 2015. <http://www.rfc-editor.org/info/rfc7515>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[SHS] National Institute of Standards and Technology, "Secure [SHS] National Institute of Standards and Technology, "Secure
Hash Standard (SHS)", FIPS PUB 180-4, March 2012. Hash Standard (SHS)", FIPS PUB 180-4, March 2012, <http://
csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf>.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, [UNICODE] The Unicode Consortium, "The Unicode Standard",
<http://www.unicode.org/versions/latest/>. <http://www.unicode.org/versions/latest/>.
8.2. Informative References 8.2. Informative References
[I-D.ietf-json-i-json]
Bray, T., "The I-JSON Message Format",
draft-ietf-json-i-json-06 (work in progress),
January 2015.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC7493] Bray, T., "The I-JSON Message Format", RFC 7493,
March 2015.
Appendix A. Acknowledgements Appendix A. Acknowledgements
James Manger and John Bradley participated in discussions that led to James Manger and John Bradley participated in discussions that led to
the creation of this specification. Jim Schaad also contributed to the creation of this specification. Jim Schaad also contributed to
this specification. this specification.
Appendix B. Document History Appendix B. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
-05
o Addressed comments in Kathleen Moriarty's AD review.
-04 -04
o Addressed additional review comments by Jim Schaad, which resulted o Addressed additional review comments by Jim Schaad, which resulted
in several clarifications and some corrections to the case of RFC in several clarifications and some corrections to the case of RFC
2119 keywords. 2119 keywords.
-03 -03
o Addressed review comments by James Manger and Jim Schaad, o Addressed review comments by James Manger and Jim Schaad,
including adding a section on the relationship to digests of X.509 including adding a section on the relationship to digests of X.509
 End of changes. 40 change blocks. 
95 lines changed or deleted 105 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/