< draft-ietf-jose-json-web-key-21.txt		draft-ietf-jose-json-web-key-22.txt >
	JOSE Working Group M. Jones		JOSE Working Group M. Jones
	Internet-Draft Microsoft		Internet-Draft Microsoft
	Intended status: Standards Track February 14, 2014		Intended status: Standards Track March 2, 2014
	Expires: August 18, 2014		Expires: September 3, 2014
	JSON Web Key (JWK)		JSON Web Key (JWK)
	draft-ietf-jose-json-web-key-21		draft-ietf-jose-json-web-key-22
	Abstract		Abstract
	A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data		A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
	structure that represents a cryptographic key. This specification		structure that represents a cryptographic key. This specification
	also defines a JSON Web Key Set (JWK Set) JSON data structure for		also defines a JSON Web Key Set (JWK Set) JSON data structure for
	representing a set of JWKs. Cryptographic algorithms and identifiers		representing a set of JWKs. Cryptographic algorithms and identifiers
	for use with this specification are described in the separate JSON		for use with this specification are described in the separate JSON
	Web Algorithms (JWA) specification and IANA registries defined by		Web Algorithms (JWA) specification and IANA registries defined by
	that specification.		that specification.
	skipping to change at page 1, line 36 ¶		skipping to change at page 1, line 36 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on August 18, 2014.		This Internet-Draft will expire on September 3, 2014.
	Copyright Notice		Copyright Notice
	Copyright (c) 2014 IETF Trust and the persons identified as the		Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 15 ¶		skipping to change at page 3, line 15 ¶
	C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29		C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29
	C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29		C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29
	C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30		C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30
	C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30		C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30
	C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30		C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30
	C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31		C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31
	C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31		C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31
	C.9. Complete Representation . . . . . . . . . . . . . . . . . 34		C.9. Complete Representation . . . . . . . . . . . . . . . . . 34
	Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35		Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35
	Appendix E. Document History . . . . . . . . . . . . . . . . . . 36		Appendix E. Document History . . . . . . . . . . . . . . . . . . 36
	Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40		Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 41
	1. Introduction		1. Introduction
	A JSON Web Key (JWK) is a JavaScript Object Notation (JSON)		A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7158]
	[I-D.ietf-json-rfc4627bis] data structure that represents a		data structure that represents a cryptographic key. This
	cryptographic key. This specification also defines a JSON Web Key		specification also defines a JSON Web Key Set (JWK Set) JSON data
	Set (JWK Set) JSON data structure for representing a set of JWKs.		structure for representing a set of JWKs. Cryptographic algorithms
	Cryptographic algorithms and identifiers for use with this		and identifiers for use with this specification are described in the
	specification are described in the separate JSON Web Algorithms (JWA)		separate JSON Web Algorithms (JWA) [JWA] specification and IANA
	[JWA] specification and IANA registries defined by that		registries defined by that specification.
	specification.
	Goals for this specification do not include representing certificate		Goals for this specification do not include representing certificate
	chains, representing certified keys, and replacing X.509		chains, representing certified keys, and replacing X.509
	certificates.		certificates.
	JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and		JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and
	JSON Web Encryption (JWE) [JWE] specifications.		JSON Web Encryption (JWE) [JWE] specifications.
	Names defined by this specification are short because a core goal is		Names defined by this specification are short because a core goal is
	for the resulting representations to be compact.		for the resulting representations to be compact.
	1.1. Notational Conventions		1.1. Notational Conventions
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",		The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this		"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
	document are to be interpreted as described in Key words for use in		"OPTIONAL" in this document are to be interpreted as described in Key
	RFCs to Indicate Requirement Levels [RFC2119]. If these words are		words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
	used without being spelled in uppercase then they are to be		these words are used without being spelled in uppercase then they are
	interpreted with their normal natural language meanings.		to be interpreted with their normal natural language meanings.
	BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per		BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
	Section 2.		Section 2.
	UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation		UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
	of STRING.		of STRING.
	ASCII(STRING) denotes the octets of the ASCII [USASCII]		ASCII(STRING) denotes the octets of the ASCII [USASCII]
	representation of STRING.		representation of STRING.
	The concatenation of two values A and B is denoted as A || B.		The concatenation of two values A and B is denoted as A || B.
	2. Terminology		2. Terminology
	These terms defined by the JSON Web Signature (JWS) [JWS]		These terms defined by the JSON Web Signature (JWS) [JWS]
	specification are incorporated into this specification: "Base64url		specification are incorporated into this specification: "Base64url
	Encoding" and "Collision-Resistant Name".		Encoding" and "Collision-Resistant Name".
	These terms are defined for use by this specification:		These terms are defined for use by this specification:
	JSON Web Key (JWK) A JSON object that represents a cryptographic		JSON Web Key (JWK)
	key.		A JSON object that represents a cryptographic key.
	JSON Web Key Set (JWK Set) A JSON object that contains an array of		JSON Web Key Set (JWK Set)
	JWKs as the value of its "keys" member.		A JSON object that contains an array of JWKs as the value of its
			"keys" member.
	3. JSON Web Key (JWK) Format		3. JSON Web Key (JWK) Format
	A JSON Web Key (JWK) is a JSON object. The members of the object		A JSON Web Key (JWK) is a JSON object. The members of the object
	represent properties of the key, including its value. This document		represent properties of the key, including its value. This document
	defines the key parameters that are not algorithm specific, and thus		defines the key parameters that are not algorithm specific, and thus
	common to many keys.		common to many keys.
	In addition to the common parameters, each JWK will have members that		In addition to the common parameters, each JWK will have members that
	are specific to the kind of key being represented. These members		are specific to the kind of key being represented. These members
	skipping to change at page 19, line 38 ¶		skipping to change at page 19, line 38 ¶
	The TLS Requirements in [JWS] also apply to this specification.		The TLS Requirements in [JWS] also apply to this specification.
	9. References		9. References
	9.1. Normative References		9.1. Normative References
	[ECMAScript]		[ECMAScript]
	Ecma International, "ECMAScript Language Specification,		Ecma International, "ECMAScript Language Specification,
	5.1 Edition", ECMA 262, June 2011.		5.1 Edition", ECMA 262, June 2011.
	[I-D.ietf-json-rfc4627bis]
	Bray, T., "The JSON Data Interchange Format",
	draft-ietf-json-rfc4627bis-10 (work in progress),
	December 2013.
	[IANA.MediaTypes]		[IANA.MediaTypes]
	Internet Assigned Numbers Authority (IANA), "MIME Media		Internet Assigned Numbers Authority (IANA), "MIME Media
	Types", 2005.		Types", 2005.
	[ITU.X690.1994]		[ITU.X690.1994]
	International Telecommunications Union, "Information		International Telecommunications Union, "Information
	Technology - ASN.1 encoding rules: Specification of Basic		Technology - ASN.1 encoding rules: Specification of Basic
	Encoding Rules (BER), Canonical Encoding Rules (CER) and		Encoding Rules (BER), Canonical Encoding Rules (CER) and
	Distinguished Encoding Rules (DER)", ITU-T Recommendation		Distinguished Encoding Rules (DER)", ITU-T Recommendation
	X.690, 1994.		X.690, 1994.
	[JWA] Jones, M., "JSON Web Algorithms (JWA)",		[JWA] Jones, M., "JSON Web Algorithms (JWA)",
	draft-ietf-jose-json-web-algorithms (work in progress),		draft-ietf-jose-json-web-algorithms (work in progress),
	February 2014.		March 2014.
	[JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web		[JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web
	Encryption (JWE)", draft-ietf-jose-json-web-encryption		Encryption (JWE)", draft-ietf-jose-json-web-encryption
	(work in progress), February 2014.		(work in progress), March 2014.
	[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web		[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
	Signature (JWS)", draft-ietf-jose-json-web-signature (work		Signature (JWS)", draft-ietf-jose-json-web-signature (work
	in progress), February 2014.		in progress), March 2014.
	[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic		[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
	Mail: Part I: Message Encryption and Authentication		Mail: Part I: Message Encryption and Authentication
	Procedures", RFC 1421, February 1993.		Procedures", RFC 1421, February 1993.
	[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail		[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
	Extensions (MIME) Part Two: Media Types", RFC 2046,		Extensions (MIME) Part Two: Media Types", RFC 2046,
	November 1996.		November 1996.
	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate		[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	skipping to change at page 20, line 50 ¶		skipping to change at page 20, line 45 ¶
	Encodings", RFC 4648, October 2006.		Encodings", RFC 4648, October 2006.
	[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security		[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
	(TLS) Protocol Version 1.2", RFC 5246, August 2008.		(TLS) Protocol Version 1.2", RFC 5246, August 2008.
	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,		[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
	Housley, R., and W. Polk, "Internet X.509 Public Key		Housley, R., and W. Polk, "Internet X.509 Public Key
	Infrastructure Certificate and Certificate Revocation List		Infrastructure Certificate and Certificate Revocation List
	(CRL) Profile", RFC 5280, May 2008.		(CRL) Profile", RFC 5280, May 2008.
			[RFC7158] Bray, T., "The JavaScript Object Notation (JSON) Data
			Interchange Format", RFC 7158, March 2014.
	[USASCII] American National Standards Institute, "Coded Character		[USASCII] American National Standards Institute, "Coded Character
	Set -- 7-bit American Standard Code for Information		Set -- 7-bit American Standard Code for Information
	Interchange", ANSI X3.4, 1986.		Interchange", ANSI X3.4, 1986.
	9.2. Informative References		9.2. Informative References
	[MagicSignatures]		[MagicSignatures]
	Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic		Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic
	Signatures", January 2011.		Signatures", January 2011.
	skipping to change at page 36, line 26 ¶		skipping to change at page 36, line 26 ¶
	Turner.		Turner.
	Jim Schaad and Karen O'Donoghue chaired the JOSE working group and		Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
	Sean Turner and Stephen Farrell served as Security area directors		Sean Turner and Stephen Farrell served as Security area directors
	during the creation of this specification.		during the creation of this specification.
	Appendix E. Document History		Appendix E. Document History
	[[ to be removed by the RFC Editor before publication as an RFC ]]		[[ to be removed by the RFC Editor before publication as an RFC ]]
			-22
			o Corrected RFC 2119 terminology usage.
			o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
	-21		-21
	o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey"		o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey"
	and "unwrapKey" to match the "KeyUsage" values defined in the		and "unwrapKey" to match the "KeyUsage" values defined in the
	current Web Cryptography API [WebCrypto] editor's draft.		current Web Cryptography API [WebCrypto] editor's draft.
	o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt		o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt
	Input), where the "p2s" Header Parameter encodes the Salt Input		Input), where the "p2s" Header Parameter encodes the Salt Input
	value and Alg is the "alg" Header Parameter value.		value and Alg is the "alg" Header Parameter value.
End of changes. 14 change blocks.
	30 lines changed or deleted		34 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/