From 0e8a79c358beef652b43f394acf19130ce78b24c Mon Sep 17 00:00:00 2001 From: gabe Date: Tue, 16 Jan 2024 13:13:49 -0800 Subject: [PATCH 1/9] adjust language in example 13 --- index.html | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index fd4e9d5..757aa9f 100644 --- a/index.html +++ b/index.html @@ -820,6 +820,7 @@

JsonWebKey

publicKeyJwk
+

The `publicKeyJwk` property is REQUIRED, and its value MUST be a JSON Web Key that conforms to [[RFC7517]]. It is RECOMMENDED that verification methods that use @@ -827,6 +828,17 @@

JsonWebKey

their fragment identifier. It is RECOMMENDED that JWK `kid` values be set to the public key fingerprint [[RFC7638]]. See the first key in the example below for an instance of a public key with a compound key identifier. +

+

+The `alg` property identifies the algorithm intended +for use with the public key. Although optional, it is RECOMMENDED that `alg` +be included, to avoid security issues arising from using the same key with multiple +algorithms. If describing a key using an elliptic curve, the `crv` property is used +to identify the particular curve type of the public key. The `kid` property is a hint +used to help discover the key; if present, the `kid` value SHOULD match, or be included +in, the `id` property of the encapsulating `JsonWebKey` object, as part of the path, query, +or fragment of the URL. +

secretKeyJwk
@@ -861,14 +873,9 @@

JsonWebKey

In the example above, the `publicKeyJwk` value contains the JSON Web Key. The `kty` property encodes the key type of "OKP", which means "Octet string key pairs". The `alg` property identifies the algorithm intended -for use with the public key. Although optional, it is RECOMMENDED that `alg` -be included, to avoid security issues arising from using the same key with multiple -algorithms. The `crv` property identifies the particular curve type of the -public key. The `kid` property is a hint used to help discover the key; if present, -the `kid` value SHOULD match, or be included in, the `id` property of the -encapsulating `JsonWebKey` object, as part of the path, query, or fragment of the -URL. Finally, the `x` property specifies the point on the Ed25519 curve that is -associated with the public key. +for use with the public key, which in this case is `ES384`. The `crv` property identifies +the particular curve type of the public key, `P-384`. The `x` property specifies +the point on the P-384 curve that is associated with the public key.
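Review bot: In the last hunk of PATCH 1/9 (`@@ -861,14 +873,9 @@`), the unchanged context sentence still says the `kty` property is "OKP" ("Octet string key pairs"), while the new lines describe an `ES384` key on `P-384`. In JWA (RFC 7518, Section 6.2) a P-384 key has `kty` "EC"; "OKP" fits the Ed25519 key that the removed text described. The `kty` sentence needs updating in the same change. The new wording "The `x` property specifies the point on the P-384 curve" also carries over OKP phrasing: for an EC key the point is given by the `x` and `y` coordinates together, so the explanation should name both.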

From 48311019fdd6992dff00c32d9974990a6c1e9096 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Thu, 18 Jan 2024 15:44:08 -0600 Subject: [PATCH 2/9] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 757aa9f..1ecb4ed 100644 --- a/index.html +++ b/index.html @@ -830,7 +830,7 @@

JsonWebKey

for an instance of a public key with a compound key identifier.

-The `alg` property identifies the algorithm intended +The OPTIONAL `alg` property identifies the algorithm intended for use with the public key. Although optional, it is RECOMMENDED that `alg` be included, to avoid security issues arising from using the same key with multiple algorithms. If describing a key using an elliptic curve, the `crv` property is used From e5b71279992a63df7a7a001c9cc858e97db76a17 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Thu, 18 Jan 2024 15:44:22 -0600 Subject: [PATCH 3/9] Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 1ecb4ed..2c99cfa 100644 --- a/index.html +++ b/index.html @@ -832,9 +832,9 @@

JsonWebKey

The OPTIONAL `alg` property identifies the algorithm intended for use with the public key. Although optional, it is RECOMMENDED that `alg` -be included, to avoid security issues arising from using the same key with multiple -algorithms. If describing a key using an elliptic curve, the `crv` property is used -to identify the particular curve type of the public key. The `kid` property is a hint +be included, to avoid security issues that arise when using the same key with multiple +algorithms. If describing a key using an elliptic curve, the OPTIONAL `crv` property is used +to identify the particular curve type of the public key. The OPTIONAL `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD match, or be included in, the `id` property of the encapsulating `JsonWebKey` object, as part of the path, query, or fragment of the URL. From 3a0d23a94b0d32914855545b21e659bd9f49aa8a Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Thu, 25 Jan 2024 10:19:06 -0600 Subject: [PATCH 4/9] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 2c99cfa..09e9030 100644 --- a/index.html +++ b/index.html @@ -830,9 +830,9 @@

JsonWebKey

for an instance of a public key with a compound key identifier.

-The OPTIONAL `alg` property identifies the algorithm intended -for use with the public key. Although optional, it is RECOMMENDED that `alg` -be included, to avoid security issues that arise when using the same key with multiple +The REQUIRED `alg` property identifies the algorithm intended +for use with the public key, which is +included to prevent security issues that can arise when using the same key with multiple algorithms. If describing a key using an elliptic curve, the OPTIONAL `crv` property is used to identify the particular curve type of the public key. The OPTIONAL `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD match, or be included From 29dadd3543c19fb1b2677503d411d0b2cc97c635 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 26 Jan 2024 13:37:55 -0600 Subject: [PATCH 5/9] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 09e9030..c650766 100644 --- a/index.html +++ b/index.html @@ -831,7 +831,7 @@

JsonWebKey

The REQUIRED `alg` property identifies the algorithm intended -for use with the public key, which is +for use with the public key, and is included to prevent security issues that can arise when using the same key with multiple algorithms. If describing a key using an elliptic curve, the OPTIONAL `crv` property is used to identify the particular curve type of the public key. The OPTIONAL `kid` property is a hint From acb6f0fe357bab7fd55d79a45bc89d850a35a709 Mon Sep 17 00:00:00 2001 From: gabe Date: Fri, 26 Jan 2024 12:19:49 -0800 Subject: [PATCH 6/9] update alg prop --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index c650766..b9fc110 100644 --- a/index.html +++ b/index.html @@ -830,7 +830,7 @@

JsonWebKey

for an instance of a public key with a compound key identifier.

-The REQUIRED `alg` property identifies the algorithm intended +The `alg` property identifies the algorithm intended for use with the public key, and is included to prevent security issues that can arise when using the same key with multiple algorithms. If describing a key using an elliptic curve, the OPTIONAL `crv` property is used From 0504d11b546764ed6417215589e78d22a6be861e Mon Sep 17 00:00:00 2001 From: gabe Date: Fri, 26 Jan 2024 12:20:21 -0800 Subject: [PATCH 7/9] update --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index b9fc110..b511b9b 100644 --- a/index.html +++ b/index.html @@ -833,8 +833,8 @@

JsonWebKey

The `alg` property identifies the algorithm intended for use with the public key, and is included to prevent security issues that can arise when using the same key with multiple -algorithms. If describing a key using an elliptic curve, the OPTIONAL `crv` property is used -to identify the particular curve type of the public key. The OPTIONAL `kid` property is a hint +algorithms. If describing a key using an elliptic curve, the `crv` property is used +to identify the particular curve type of the public key. The `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD match, or be included in, the `id` property of the encapsulating `JsonWebKey` object, as part of the path, query, or fragment of the URL. From 0997c22d55725010938e93ad60566a862f28ce81 Mon Sep 17 00:00:00 2001 From: gabe Date: Thu, 1 Feb 2024 16:23:38 -0500 Subject: [PATCH 8/9] add section references --- index.html | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index b511b9b..d94819d 100644 --- a/index.html +++ b/index.html @@ -830,14 +830,16 @@

JsonWebKey

for an instance of a public key with a compound key identifier.

-The `alg` property identifies the algorithm intended -for use with the public key, and is -included to prevent security issues that can arise when using the same key with multiple -algorithms. If describing a key using an elliptic curve, the `crv` property is used -to identify the particular curve type of the public key. The `kid` property is a hint -used to help discover the key; if present, the `kid` value SHOULD match, or be included -in, the `id` property of the encapsulating `JsonWebKey` object, as part of the path, query, -or fragment of the URL. +As specified in Section 4.4 of the JWK specification, +the `alg` property identifies the algorithm intended for use with the public key, +and is included to prevent security issues that can arise when using the same +key with multiple algorithms. As specified in +Section 6.2.1.1 of the JWA specification, describing a key using an elliptic curve, +the `crv` property is used to identify the particular curve type of the public key. +As specified in Section 4.1.4 of the JWS specification, +the `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD +match, or be included in, the `id` property of the encapsulating `JsonWebKey` object, +as part of the path, query, or fragment of the URL.

secretKeyJwk
From 4343f5b5e3074916c155f3996b5ea6bad94e2a20 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Wed, 14 Feb 2024 10:28:48 -0600 Subject: [PATCH 9/9] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index d94819d..ef0002b 100644 --- a/index.html +++ b/index.html @@ -831,13 +831,13 @@

JsonWebKey

As specified in Section 4.4 of the JWK specification, -the `alg` property identifies the algorithm intended for use with the public key, -and is included to prevent security issues that can arise when using the same +the OPTIONAL `alg` property identifies the algorithm intended for use with the public key, +and SHOULD be included to prevent security issues that can arise when using the same key with multiple algorithms. As specified in Section 6.2.1.1 of the JWA specification, describing a key using an elliptic curve, -the `crv` property is used to identify the particular curve type of the public key. +the REQUIRED `crv` property is used to identify the particular curve type of the public key. As specified in Section 4.1.4 of the JWS specification, -the `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD +the OPTIONAL `kid` property is a hint used to help discover the key; if present, the `kid` value SHOULD match, or be included in, the `id` property of the encapsulating `JsonWebKey` object, as part of the path, query, or fragment of the URL.
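Review bot: In PATCH 3/9, the added line "the OPTIONAL `crv` property is used" marks `crv` as optional in a sentence that is specifically about elliptic-curve keys. For an EC key `crv` is a required member (RFC 7518, Section 6.2.1.1), and an implementer reading this text could conclude that the curve may be omitted and inferred by the verifier. Drop OPTIONAL here or say REQUIRED for elliptic-curve keys, which is what PATCH 9/9 ends up doing.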
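Review bot: In PATCH 8/9, the rewritten `crv` sentence loses its leading "If", leaving "As specified in Section 6.2.1.1 of the JWA specification, describing a key using an elliptic curve, the `crv` property is used ...", which no longer parses and no longer states the condition; restore it as "when describing a key using an elliptic curve". The `kid` sentence cites Section 4.1.4 of the JWS specification, which defines the `kid` header parameter of a JWS. The `kid` member of a JWK is defined in Section 4.5 of the JWK specification (RFC 7517), and that is the more precise reference for a `publicKeyJwk` value.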
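Review bot: In PATCH 9/9, "the OPTIONAL `alg` property ... SHOULD be included" attaches two different requirement levels to the same member in one sentence. Split it so that one clause reports that `alg` is OPTIONAL in JWK and a second states that this specification RECOMMENDS including it, so an implementer can tell which document imposes which level. The added "the REQUIRED `crv` property" sits in the sentence that still lacks its condition (", describing a key using an elliptic curve,"), so REQUIRED reads as unconditional even though key types without a curve, such as RSA, have no `crv`; suggest "when describing a key that uses an elliptic curve, the `crv` property is REQUIRED".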