Archive for the 'Cryptography' Category

July 23, 2014
OAuth Assertions specs describing Privacy Considerations

OAuth logoBrian Campbell updated the OAuth Assertions specifications to add Privacy Considerations sections, responding to area director feedback. Thanks, Brian!

The specifications are available at:

HTML formatted versions are also available at:

July 23, 2014
JWK Thumbprint spec incorporating feedback from IETF 90

IETF logoI’ve updated the JSON Web Key (JWK) Thumbprint specification to incorporate the JOSE working group feedback on the -00 draft from IETF 90. The two changes were:

  • Said that the result is undefined if characters requiring escaping are needed in the hash input.
  • Added instructions for representing integer numeric values in the hash input.

If a canonical JSON representation standard is ever adopted, this specification could be revised to use it, resulting in unambiguous definitions for those values (which are unlikely to ever occur in JWKs) as well. (Defining a complete canonical JSON representation is very much out of scope for this work!)

The specification is available at:

An HTML formatted version is also available at:

July 4, 2014
JOSE -31 and JWT -25 drafts addressing additional AD comments

IETF logoIn preparation for IETF 90 in Toronto, I’ve published yet another round of small deltas to the JOSE and JWT specifications motivated by additional comments from our area director, Kathleen Moriarty. These drafts add some references to Security Considerations sections, adds a Privacy Considerations section to JWT, and clarifies wording in a few places. Once again, no normative changes were made.

The specifications are available at:

HTML formatted versions are available at:

July 1, 2014
JOSE -30 and JWT -24 drafts incorporating AD feedback on fifth spec of five

IETF logoJOSE -30 and JWT -24 drafts have been posted incorporating improvements resulting from Kathleen Moriarty’s JWE review. At this point, actions requested in her reviews of the JWS, JWE, JWK, JWA, and JWT specifications have all been incorporated. All changes in this release were strictly editorial in nature.

The specifications are available at:

HTML formatted versions are available at:

June 20, 2014
JOSE -29 and JWT -23 drafts coalescing duplicative terminology definitions

IETF logoSurprise! For the first time ever, I’ve released two sets of JOSE and JWT drafts in one day! I wanted to separate the changes addressing recent AD comments from this set of changes that reduces duplication in the drafts.

These drafts replaced the terms JWS Header, JWE Header, and JWT Header with a single JOSE Header term defined in the JWS specification. This also enabled a single Header Parameter definition to be used and reduced other areas of duplication between the specifications. No normative changes were made.

The specifications are available at:

HTML formatted versions are available at:

June 20, 2014
JOSE -28 and JWT -22 drafts incorporating additional AD feedback

IETF logoUpdated JOSE and JWT drafts have been released that incorporate additional wording improvements in places suggested by Kathleen Moriarty. Most of the changes were rewording and reorganization of the Security Considerations sections. An explanation of when applications typically would and would not use the typ and cty header parameters was added. The one normative change was to specify the use of PKCS #7 padding with AES CBC, rather than PKCS #5 – a correction pointed out by Shaun Cooley. (PKCS #7 is a superset of PKCS #5, and is appropriate for the 16 octet blocks used by AES CBC.) No breaking changes were made.

The specifications are available at:

HTML formatted versions are available at:

June 10, 2014
JOSE -27 and JWT -21 drafts incorporating area director feedback

IETF logoThe -27 drafts of the JOSE specs (JWS, JWE, JWK, & JWA) and the -21 draft of the JWT spec have been posted that incorporate feedback received from our security area director, Kathleen Moriarty. The one normative change was to add certificate thumbprint parameters using SHA-256 as the hash function. There were no breaking changes. A number of additional security considerations were added across the drafts. An example JWK was added early in the JWK draft (paralleling the early examples in the JWS, JWE, and JWT drafts). Several algorithm cross-reference entries were updated in the JWA draft. A number of other editorial improvements were also applied.

The specifications are available at:

HTML formatted versions are available at:

Thanks for the detailed feedback, Kathleen.

May 14, 2014
JWT and JOSE have won a Special European Identity Award

IETF logoToday the JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications were granted a Special European Identity Award for Best Innovation for Security in the API Economy. I was honored to accept the award, along with Nat Sakimura and John Bradley, on behalf of the contributors to and implementers of these specifications at the European Identity and Cloud Conference.

It’s great to see this recognition for the impact that these specs are having by making it easy to use simple JSON-based security tokens and other Web-friendly cryptographically protected data structures. Special thanks are due to all of you have built and deployed implementations and provided feedback on the specs throughout their development; they significantly benefitted from your active involvement!

These specifications are:

The authors are:

Dirk Balfanz, Yaron Goland, John Panzer, and Eric Rescorla also deserve thanks for their significant contributions to creating these specifications.

May 8, 2014
Publication requested for JSON Web Token (JWT), OAuth Assertions, and JOSE specifications

IETF logoToday, the OAuth Working Group requested publication of four specifications as proposed standards:

This follows on the JOSE Working Group likewise requesting publication of the JSON Object Signing and Encryption specifications last month:

This means that the working groups have sent the specifications to the IESG for review, which is the next step towards them becoming IETF Standards – RFCs.

April 30, 2014
JOSE -26 and JWT -20 drafts addressing editorial issues

IETF logoThe JOSE -26 and JWT -20 drafts address a few editorial issues recently identified by reviewers, hopefully further clarifying these aspects of the specifications. No normative changes were made.

See the Document History entries for details on the specific changes made.

The specifications are available at:

HTML formatted versions are also available at:

April 10, 2014
JSON Web Key (JWK) Thumbprint Specification

IETF logoI created a new simple spec that defines a way to create a thumbprint of an arbitrary key, based upon its JWK representation. The abstract of the spec is:

This specification defines a means of computing a thumbprint value (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the x5t (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 certificate objects. This specification also registers the new JSON Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters and the new JSON Web Key (JWK) member name jkt (JWK SHA-256 Thumbprint) for holding these values.

The desire for this came up in an OpenID Connect context, but it’s of general applicability, so I decided to submit the spec to the JOSE working group. Thanks to James Manger, John Bradley, and Nat Sakimura for the discussions that led up to this spec.

The specification is available at:

An HTML formatted version is also available at:

April 1, 2014
Proof-Of-Possession Semantics for JSON Web Tokens (JWTs)

OAuth logoI’ve written a concise Internet-Draft on proof-of-possession for JWTs with John Bradley and Hannes Tschofenig. Quoting from the abstract:

This specification defines how to express a declaration in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular key and that the recipient can cryptographically confirm proof-of-possession of the key by the presenter. This property is also sometimes described as the presenter being a holder-of-key.

This specification intentionally does not specify the means of communicating the proof-of-possession JWT, nor the messages used to exercise the proof key, as these are necessarily application-specific. Rather, this specification defines a proof-of-possession JWT data structure to be used by other specifications that do define those things.

The specification is available at:

An HTML formatted version is available at:

March 31, 2014
JOSE -25 drafts fixing typos and updating references

IETF logoJOSE -25 drafts have been released that fix a few typos and update the WebCrypto reference to refer to the W3C Last Call draft.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to Antonio Sanso for bringing the typos to our attention.

March 20, 2014
Growing list of OpenID Connect libraries available

OpenID logoAs described in today’s openid.net post, a growing list of OpenID Connect and JWT/JOSE libraries are available. Check them out at http://openid.net/developers/libraries/.

March 18, 2014
JOSE -24 and JWT -19 drafts fixing errors found in examples

IETF logoJOSE -24 drafts have been released that fix two errors found in example values. The JWT -19 draft clarifies that support for Nested JWTs is optional. The JSON reference was also updated to RFC 7159 in all drafts.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to Edmund Jay and Hideki Nara for finding the bugs in the examples.

March 3, 2014
JWT -18 addressing remaining WGLC comments

IETF logoDraft -18 of the JSON Web Token (JWT) spec has been released, which addresses the few remaining outstanding comments from Working Group Last Call (WGLC). All edits were clarifications, rather than normative changes. See the Document History appendix for a description of the changes made.

New -23 versions of the JSON Object Signing and Encryption (JOSE) specs were also released since one clarification made to JWT also applied to JWS.

The specifications are available at:

HTML formatted versions are also available at:

March 2, 2014
JOSE -22 drafts fixing requirements language nits

IETF logoUpdated JOSE and JWT drafts have been published that fix a few instances of incorrect uses of RFC 2119 requirements language, such as changing an occurrence of “MUST not” to “MUST NOT”. These drafts also reference the newly completed JSON specification – RFC 7158.

The specifications are available at:

HTML formatted versions are also available at:

February 14, 2014
JOSE -21 drafts incorporating WGLC feedback

IETF logoJSON Object Signing and Encryption (JOSE) drafts have been published that address the feedback received during Working Group Last Call (WGLC) on the specifications, which ran from January 22 to February 13, 2014. Two breaking (but very local) changes were made as a result of working group discussions:

  • Replaced the JWK key_ops values wrap and unwrap with wrapKey and unwrapKey to match the KeyUsage values defined in the current Web Cryptography API editor’s draft.
  • Compute the PBES2 salt parameter as (UTF8(Alg) || 0×00 || Salt Input), where the p2s Header Parameter encodes the Salt Input value and Alg is the alg Header Parameter value.

A few editorial changes were also made to improve readability. See the Document History sections for the issues addressed by these changes. One parallel editorial change was also made to the JSON Web Token (JWT) specification.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to those of you who provided feedback on the specs during Working Group Last Call.

January 20, 2014
JOSE -20 drafts intended for Working Group Last Call

IETF logoJSON Object Signing and Encryption (JOSE) -20 drafts have been published that incorporate the changes agreed to on last week’s JOSE working group call. Hopefully this brings us to the point of Working Group Last Call.

The only normative changes were to change the name of the “use_details” JWK member to “key_ops” and to clarify that “use” is meant for public key use cases, “key_ops” is meant for use cases in which public, private, or symmetric keys may be present, and that “use” and “key_ops” should not be used together.

The drafts, including JSON Web Token (JWT), now also reference draft-ietf-json-rfc4627bis, rather than RFC 4627.

The drafts are available at:

HTML formatted versions are also available at:

December 29, 2013
JOSE -19 drafts intended for Working Group Last Call

IETF logoJSON Object Signing and Encryption (JOSE) -19 drafts have been published that address all my remaining to-do items for the open issues. I believe the remainder of the issues are either ready to close because of actions already taken in the drafts (the majority of them), require further input to identify any specific remaining proposed actions, if any (a few of them), or will be considered during Working Group Last Call (a few of them). Only editorial changes and one addition were made – no breaking changes.

In short, I believe I have addressed everything needed to bring us to Working Group Last Call for the JWS, JWE, JWK, and JWA specs.

The one addition was to add the optional “use_details” JWK field, as discussed on the JOSE list and the WebCrypto list. While I realize that this proposal hasn’t gotten much review yet (I believe due to the holidays), I wanted to get it in so people can review it in context, and as a concrete step towards meeting a perceived need for additional JWK functionality from the WebCrypto working group. It’s cleanly separable from the rest of the spec, so if the JOSE WG ends up hating it, we can always take it back out and possibly move it to a separate spec. But at least we have a concrete write-up of it now to review.

I also made a one-paragraph change to the JSON Web Token (JWT) spec to reference text in JWE, rather than duplicating it in JWT.

See the History entries for details of the (small number of) changes made.

The drafts are available at:

HTML formatted versions are also available at:

Next »