
Add encrypted JWPs #136

Merged
merged 3 commits into from
Aug 22, 2024

Conversation

selfissued
Copy link
Collaborator

Fixes #83

Cc @brentzundel

@selfissued selfissued requested review from dwaite and quartzjer August 7, 2024 04:23
Comment on lines 468 to 475
A `cty` (content type) Header Parameter value of `jwp` is used to indicate
that the content of the JWE is a JWP using the JWP Compact Serialization.
A `cty` (content type) Header Parameter value of `jwp+json` is used to indicate
that the content of the JWE is the UTF-8 encoding of a JWP using the JWP JSON Serialization.
In both cases, the `cty` (content type) Header Parameter MUST be present
unless the application knows that the encrypted content is
a JWP by another means or convention,
in which case the `cty` value would typically be omitted.
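Review bot: the exception in the last sentence is stated with two different strengths: `cty` MUST be present unless the application knows the content is a JWP by other means, and then the value "would typically be omitted" in that case. Suggest making the exception normative and testable, e.g. "in which case the `cty` Header Parameter MAY be omitted", so an implementer knows omission is permitted rather than merely customary.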
Collaborator

These seem like they should be identical to the guidance in JWP around typ - if present, they SHOULD be the effective media type of the contained JWP. This MAY be in the JWP as the typ protected header parameter, or omitted from the JWP based on context.

Collaborator Author

We would need to define two new "typ" values saying that the whole thing is an encrypted JWT using one or the other serializations if we were to go that route. But it would be better to use application-defined "typ" values using the +jwp suffix and/or application-defined "typ" values using the JSON Serialization.

Instead, the encryption treatment is intentionally exactly the same as for JWKs. Compare the language in this PR with that at https://www.rfc-editor.org/rfc/rfc7517.html#section-7 and let me know if there are changes you'd like to make it even more parallel.

Collaborator Author

Oh wait - I get it now. Now that we have explicit typing, we should use the "typ" value of the enclosed JWP as the JWE "cty" value. I'll take a stab at that.

Collaborator Author

@dwaite I updated the description to cater to explicit typing. Please re-review.
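The header logic the thread settles on, as an added example that is not code from the draft or from this PR: a JWE carrying a JWP sets `cty` to the enclosed JWP's `typ` when it has one, otherwise to the generic `jwp` / `jwp+json` value, and omits `cty` when the application knows the content is a JWP by convention. The function names, the `known_by_context` flag and the consumer-side check are assumptions of this example; the `application/` shortening follows RFC 7515 section 4.1.10.

```python
import json

def is_json_serialization(jwp: str) -> bool:
    """True if the JWP is the JSON Serialization (a JSON object), else Compact."""
    try:
        return isinstance(json.loads(jwp), dict)
    except ValueError:
        return False

def normalize_media_type(value: str) -> str:
    """Expand an RFC 7515-shortened type for comparison: "jwp" -> "application/jwp"."""
    value = value.strip().lower()
    return value if "/" in value else "application/" + value

def shorten_media_type(value: str) -> str:
    """Omit the "application/" prefix when no other '/' remains (RFC 7515 section 4.1.10)."""
    body = value[len("application/"):] if value.lower().startswith("application/") else value
    return body if "/" not in body else value

def jwe_protected_header(alg, enc, jwp, jwp_typ=None, known_by_context=False):
    """Build the JWE protected header for an encrypted JWP (assumed helper).

    jwp_typ: the `typ` of the enclosed JWP, if it carries one (explicit typing).
    known_by_context: the application knows by convention that the content is a
    JWP, so `cty` is omitted as the draft text allows.
    """
    header = {"alg": alg, "enc": enc}
    if known_by_context:
        return header
    if jwp_typ is not None:
        header["cty"] = shorten_media_type(jwp_typ)  # reuse the JWP's own typ
    else:
        header["cty"] = "jwp+json" if is_json_serialization(jwp) else "jwp"
    return header

def accept_as_jwp(header: dict, known_by_context=False) -> bool:
    """Consumer side: does this JWE header declare a JWP payload?

    Accepts the generic values and any type using the `+jwp` suffix (Compact
    Serialization). An application-defined typ for a JSON-serialized JWP
    cannot be recognised generically and must be matched by the application.
    """
    cty = header.get("cty")
    if cty is None:
        return known_by_context
    full = normalize_media_type(cty)
    return full in ("application/jwp", "application/jwp+json") or full.endswith("+jwp")
```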

@@ -657,7 +680,8 @@ This section registers the `+jwp`
structured syntax suffix [@RFC6838]
in the IANA "Structured Syntax Suffix" registry (#IANA.StructuredSuffix)
in the manner described in [@RFC6838],
which can be used to indicate that the media type is encoded as a JWP.
which can be used to indicate that the media type is encoded as a JWP
using the JWP Compact Serialization.
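Review bot: the added text scopes the `+jwp` suffix to the JWP Compact Serialization, but nothing in the hunk says what a JSON-serialized JWP uses; since the `cty` text earlier in this PR uses `jwp+json` for that case, a sentence noting that the JSON Serialization is conveyed with the `+json` suffix (as in `jwp+json`) would keep the two registrations consistent and stop readers from applying `+jwp` to both serializations.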
Collaborator

👍

@dwaite dwaite merged commit ca6b904 into ietf-wg-jose:main Aug 22, 2024
1 check passed
Successfully merging this pull request may close these issues.

what about JWE?