[auth48] Re: AUTH48: RFC-to-be 9679 for your review

[Orie Steele via auth48archive]

Hi, the text here:

OLD:

A50102200121582065EDA5A12577C2BAE829437FE338701A10AAA375E1BB5B5DE108D
E439C08551D2258201E52ED75701163F7F9E40DDF9F341B3DC9BA860AF7E0CA7CA7E9
EECD0084D19C0258246D65726961646F632E6272616E64796275636B406275636B6C6
16E642E6578616D706C65

NEW:

A50102200121582065EDA5A12577C2BAE829437FE338701A10AAA375E1BB5B5DE108DE439C08551D2258201E52ED75701163F7F9E40DDF9F341B3DC9BA860AF7E0CA7CA7E9EECD0084D19C025820496BD8AFADF307E5B08C64B0421BF9DC01528A344A43BDA88FADD1669DA253EC

The example of EDN was changed during auth48 but the encoded hex was not
updated.

I confirmed the source code blocks are processed correctly using cbor.me,
this was the only issue I encountered.

OS

On Fri, Dec 6, 2024 at 4:35 PM Michael Jones <michael_b_jo...@hotmail.com>
wrote:

> I looked at all the sourcecode blocks.  Their types look fine to me.
>
>                                 Best wishes,
>                                 -- Mike
>
> -----Original Message-----
> From: Karen Moore <kmo...@amsl.com>
> Sent: Friday, December 6, 2024 12:34 PM
> To: Hannes Tschofenig <hannes.tschofe...@gmx.net>; Orie Steele
> <orie@transmute.industries>; Isobe Kohei <isobeko...@gmail.com>; Hannes
> Tschofenig <hannes.tschofe...@gmail.com>
> Cc: Michael Jones <michael_b_jo...@hotmail.com>; RFC Editor <
> rfc-edi...@rfc-editor.org>; cose-...@ietf.org; Cose Chairs Wg <
> cose-cha...@ietf.org>; auth48archive <auth48archive@rfc-editor.org>; Paul
> Wouters <paul.wout...@aiven.io>
> Subject: AUTH48: RFC-to-be 9679 <draft-ietf-cose-key-thumbprint-06> for
> your review
>
> Authors,
>
> The IANA actions are complete for this document. Prior to moving forward
> with publication, please confirm if you want to perform any further checks
> on the sourcecode per this note:
>
> > The sourcecode type should be set to cbor-diag. We should validate these
> source code blocks once more at the very end, using CBOR.me or similar.
>
>
> Best regards,
> RFC Editor/kc
>
> > On Dec 5, 2024, at 10:25 AM, Karen Moore <kmo...@amsl.com> wrote:
> >
> > Hi Paul and *Authors,
> >
> > Thank you for your quick reply. We have noted your approval on the
> AUTH48 status page (https://www.rfc-editor.org/auth48/rfc9679).
> >
> > *Authors, please confirm if any final checks need to be performed prior
> to publication per this comment:
> >
> >> The sourcecode type should be set to cbor-diag. We should validate
> these source code blocks once more at the very end, using CBOR.me or
> similar.
> >
> > Note that we will ask IANA to update their registry per the recent
> update; we will inform you when complete.
> >
> > Best regards,
> > RFC Editor/kc
> >
> >> On Dec 5, 2024, at 9:54 AM, Paul Wouters <paul.wout...@aiven.io> wrote:
> >>
> >> I approve,
> >>
> >> Thanks everyone for working this out and catching it before the RFC
> went out.
> >>
> >> Paul
> >>
> >> On Thu, Dec 5, 2024 at 12:45 PM Karen Moore <kmo...@amsl.com> wrote:
> >> Hi Mike and *Paul (AD),
> >>
> >> Thanks for providing the updated XML file. The changes are now
> reflected in our files. Hannes and Orie, we will assume your assent to
> these changes unless we hear otherwise.
> >>
> >> *Paul, please review the following changes and let us know if you
> approve (we updated item 3 and added item 4; see Mike’s explanation for the
> new changes in the thread below). The updates can also be viewed here:
> https://www.rfc-editor.org/authors/rfc9679-auth48diff.html.
> >>
> >> 1) Section 5.1
> >>
> >> OLD:
> >>  The COSE Key Thumbprint is a digest of the essential parameters
> >> required  to represent the key as a COSE Key, rather than any
> >> additional data that  might accompany the key.
> >>
> >> NEW:
> >>  The COSE Key Thumbprint is a digest of the ordered essential
> >> parameters needed to represent a COSE Key, with all other  parameters
> >> excluded.
> >>
> >> ...
> >> 2) Section 5.3
> >>
> >> OLD:
> >>  Any party in possession of a key that is represented as a COSE Key
> >> can  use the COSE Key Thumbprint.
> >>
> >> NEW:
> >>  The only prerequisites are that the COSE_Key representation  of the
> >> key be defined and the party creating the COSE Key Thumbprint  be in
> >> possession of the necessary key material.
> >>
> >> …
> >> 3) Addition of Section 5.5
> >>
> >> NEW:
> >>  5.5 Relationship to JSON Web Key Thumbprints
> >>
> >>   The ckt of a COSE Key, as described in Section 7 of [RFC9052], and
> >>   the jkt of a JSON Web Key, as described in Section 4 of [RFC7517],
> >>   are different even when the underlying cryptographic key material is
> >>   the same.
> >>
> >>   This document does not register a JWT confirmation method [RFC7800]
> >>   for using "ckt" as a confirmation method for a JWT or a CWT
> >>   confirmation method [RFC8747] for using "jkt" as a confirmation
> >>   method for a CWT.
> >>
> >> ...
> >> 4) Section 5.6 - please review the file for the changes to this section.
> >>
> >> …
> >> 5) Section 8
> >>
> >> OLD:
> >>  Confirmation Method Name:  ckt
> >>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >> Confirmation Method Name:  jkt
> >>
> >> NEW:
> >>  Confirmation Method Name:  ckt
> >>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >> Confirmation Method Name: (none)
> >>
> >>
> >> —FILES (please refresh)—
> >>
> >> The updated XML file is here:
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679.xml&data=05%7C02%7C%7C9544d46df66b
> >> 4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638
> >> 691140464939559%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO
> >> iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7
> >> C%7C%7C&sdata=9Me94X%2Br0n99MgWJeiVNBDMWu2H%2F%2FBUtZ7%2BnWTndVZo%3D&
> >> reserved=0
> >>
> >> The updated output files are here:
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679.txt&data=05%7C02%7C%7C9544d46df66b
> >> 4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638
> >> 691140464950611%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO
> >> iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7
> >> C%7C%7C&sdata=Fsl%2Fg9ZG13NgmZitOgbx2s7RwnOztrJpau1g6xqly%2Bg%3D&rese
> >> rved=0
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679.pdf&data=05%7C02%7C%7C9544d46df66b
> >> 4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638
> >> 691140464961460%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO
> >> iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7
> >> C%7C%7C&sdata=xR7GOgpVjsV0EFW8%2F1LKHXNdvJrGUZYn1fgVLxgBvjE%3D&reserv
> >> ed=0
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679.html&data=05%7C02%7C%7C9544d46df66
> >> b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63
> >> 8691140464972095%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYi
> >> OiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%
> >> 7C%7C%7C&sdata=mhyzYzCDinFXQDNyv5Mnba%2FtlPRNawV6okAEWJWaVFo%3D&reser
> >> ved=0
> >>
> >> This diff file shows all changes made during AUTH48:
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679-auth48diff.html&data=05%7C02%7C%7C
> >> 9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7
> >> C1%7C0%7C638691140464982812%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiO
> >> nRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ
> >> %3D%3D%7C0%7C%7C%7C&sdata=4Q2EXvpbtg6pj2Bd9kxDnv3MvRTIdbSA3guNFGp2wi4
> >> %3D&reserved=0
> >>
> >> These diff files show only changes made during the last edit round:
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679-lastdiff.html&data=05%7C02%7C%7C95
> >> 44d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1
> >> %7C0%7C638691140464993688%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnR
> >> ydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3
> >> D%3D%7C0%7C%7C%7C&sdata=8MfXLLAQsYchBiSoaSXpANGtv2aymEWMD9kz5GpsKHY%3
> >> D&reserved=0
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679-lastrfcdiff.html&data=05%7C02%7C%7
> >> C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%
> >> 7C1%7C0%7C638691140465004216%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGki
> >> OnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyf
> >> Q%3D%3D%7C0%7C%7C%7C&sdata=7Tu7WeAoLyKMdDOnRiCnh%2FmpQr%2BYTX0EHfIqoF
> >> hboDE%3D&reserved=0
> >>
> >> This diff file shows all changes made to date:
> >> https://www/.
> >> rfc-editor.org%2Fauthors%2Frfc9679-diff.html&data=05%7C02%7C%7C9544d4
> >> 6df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0
> >> %7C638691140465014730%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWU
> >> sIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D
> >> %7C0%7C%7C%7C&sdata=qp0u2ZndV9%2Bkz4%2BHbRA5b92WU0IhgtUluWPuhwNcrhc%3
> >> D&reserved=0
> >>
> >> For the AUTH48 status of this document, please see:
> >> https://www/.
> >> rfc-editor.org%2Fauth48%2Frfc9679&data=05%7C02%7C%7C9544d46df66b4fad8
> >> 33008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63869114
> >> 0465025294%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLj
> >> AuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%
> >> 7C&sdata=mgDSViKT0Hyl7I%2B60i0CrYfwyKX5lZG%2BrPmVRDYquKg%3D&reserved=
> >> 0
> >>
> >> Thank you,
> >> RFC Editor/kc
> >>
> >>
> >>> On Dec 4, 2024, at 3:08 PM, Michael Jones <michael_b_jo...@hotmail.com>
> wrote:
> >>>
> >>> Folks, I hate to do this, but in reviewing the newly added section, I
> realized that it was incorrectly using the term "claim".  In both RFC 7800
> and RFC 8747, "cnf" is a claim, whereas the JWT and CWT confirmation
> members are referred to as "members" - not "claims".  Then I realized there
> other places in the draft this the term "claim" was incorrectly used.
> >>>
> >>> The attached updated source file makes the needed corrections.  For
> easier reviewing, a diff from the RFC Editor's source also follows.
> >>>
> >>> RFC Editor, please apply these edits and send out a new draft for
> review.
> >>>
> >>>                               Thanks,
> >>>                       -- Mike (writing as a COSE chair)
> >>>
> >>> diff rfc9679.xml rfc9679_mbj.xml
> >>> 46c46
> >>> <     <date year="2024" month="October"/>
> >>> ---
> >>>>   <date year="2024" month="December"/>
> >>> 284,285c284,288
> >>> <    This document does not register a JWT claim for using ckt as a
> confirmation
> >>> <    method for a JWT or a CWT claim for using jkt as a confirmation
> method for a CWT.
> >>> ---
> >>>>  This document does not register
> >>>>  a JWT confirmation method <xref target="RFC7800"/>  for using
> >>>> "ckt" as a confirmation method for a JWT  or a CWT confirmation
> >>>> method <xref target="RFC8747"/>  for using "jkt" as a confirmation
> >>>> method for a CWT.
> >>> 293,294c296,297
> >>> <         <t>The proof-of-possession key is identified using the "ckt"
> claim,
> >>> < the COSE Key Thumbprint claim. This claim contains the value of
> >>> ---
> >>>>       <t>The proof-of-possession key is identified using the "ckt"
> >>>> member of the CWT confirmation claim "cnf". This member contains
> >>>> the value of
> >>> 299c302
> >>> < claim. In this approach, the issuer of a CWT declares that the
> >>> ---
> >>>> member. In this approach, the issuer of a CWT declares that the
> >>> 302c305
> >>> <       of the key by including a "ckt" claim in the CWT.</t>
> >>> ---
> >>>> of the key by including a "ckt" CWT confirmation method member in
> >>>> the CWT.</t>
> >>> 304c307
> >>> <         <t>The following example demonstrates the use of the "ckt"
> claim
> >>> ---
> >>>>       <t>The following example demonstrates the use of the "ckt"
> >>>> member
> >>> 319,320c322,323
> >>> <         <t><xref target="IANA"/> registers the "ckt" claim and the
> confirmation method.
> >>> < The "ckt" claim is expected to be used in the "cnf" claim.</t>
> >>> ---
> >>>>       <t><xref target="IANA"/> registers the "ckt" CWT confirmation
> method member.
> >>>> The "ckt" member is used in the "cnf" claim.</t>
> >>> 510a514
> >>>>       <xi:include
> >>>> href="https://na01.safelinks.protection.outlook.com/?url=https%3A%252
> >>>> F%2Fbib.ietf.org%2Fpublic%2Frfc%2Fbibxml%2Freference.RFC.7800.xml%2
> >>>> 522%2F&data=05%7C02%7C%7C9544d46df66b4fad833008dd163551da%7C84df9e7
> >>>> fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638691140465036648%7CUnknown%7C
> >>>> TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4
> >>>> zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=q2LHlyc0jk
> >>>> lVmi9pIrvk8G0YOJ%2BtkF5CGripORRLtlA%3D&reserved=0>
> >>
> >>
> >>> On Dec 4, 2024, at 12:12 PM, Karen Moore <kmo...@amsl.com> wrote:
> >>>
> >>> Hi Orie and *Paul (AD),
> >>>
> >>> We have updated the text with your additional suggested edits; the
> changes are now reflected in our files (links below). We now await
> approvals from Hannes and Paul.
> >>>
> >>> *Paul, please review the following changes and let us know if you
> approve. The updates can also be viewed here:
> https://www.rfc-editor.org/authors/rfc9679-auth48diff.html.
> >>>
> >>> 1) Section 5.1
> >>>
> >>> OLD:
> >>>  The COSE Key Thumbprint is a digest of the essential parameters
> >>> required  to represent the key as a COSE Key, rather than any
> >>> additional data that  might accompany the key.
> >>>
> >>> NEW:
> >>>  The COSE Key Thumbprint is a digest of the ordered essential
> >>> parameters needed to represent a COSE Key, with all other
> >>> parameters excluded.
> >>>
> >>> ...
> >>> 2) Section 5.3
> >>>
> >>> OLD:
> >>>  Any party in possession of a key that is represented as a COSE Key
> >>> can  use the COSE Key Thumbprint.
> >>>
> >>> NEW:
> >>>  The only prerequisites are that the COSE_Key representation  of the
> >>> key be defined and the party creating the COSE Key Thumbprint  be in
> >>> possession of the necessary key material.
> >>>
> >>> …
> >>> 3) Addition of Section 5.5
> >>>
> >>> NEW:
> >>>  5.5 Relationship to JSON Web Key Thumbprints
> >>>
> >>>  The ckt of a COSE Key, as described in Section 7 of [RFC9052], and
> >>> the jkt of a JSON Web Key,  as described in Section 4 of RFC 7517,
> >>> are different even when the underlying cryptographic  key material is
> the same.
> >>>
> >>>  This document does not register a JWT claim for using ckt as a
> >>> confirmation  method for a JWT or a CWT claim for using jkt as a
> confirmation method for a CWT.
> >>>
> >>> …
> >>> 4) Section 8
> >>>
> >>> OLD:
> >>>  Confirmation Method Name:  ckt
> >>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >>> Confirmation Method Name:  jkt
> >>>
> >>> NEW:
> >>>  Confirmation Method Name:  ckt
> >>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >>> Confirmation Method Name: (none)
> >>>
> >>>
> >>> —FILES (please refresh)—
> >>>
> >>> The updated XML file is here:
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679.xml&data=05%7C02%7C%7C9544d46df6
> >>> 6b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C
> >>> 638691140465060532%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsI
> >>> lYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%
> >>> 7C0%7C%7C%7C&sdata=pR%2FYwpMq8vYw1GuBuqwluIFHSkD9o0pIAPh1An6xJIY%3D&
> >>> reserved=0
> >>>
> >>> The updated output files are here:
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679.txt&data=05%7C02%7C%7C9544d46df6
> >>> 6b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C
> >>> 638691140465071281%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsI
> >>> lYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%
> >>> 7C0%7C%7C%7C&sdata=NTS6w4UFqkC%2BR9LoD86rZkqkPlwGbx%2BrxX%2BoRJz1Cy4
> >>> %3D&reserved=0
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679.pdf&data=05%7C02%7C%7C9544d46df6
> >>> 6b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C
> >>> 638691140465082645%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsI
> >>> lYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%
> >>> 7C0%7C%7C%7C&sdata=rgRi2sWh85kqRKA%2FSsrhBLvMqkqPg8H3uGjjoQ7dShc%3D&
> >>> reserved=0
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679.html&data=05%7C02%7C%7C9544d46df
> >>> 66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7
> >>> C638691140465093413%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUs
> >>> IlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D
> >>> %7C0%7C%7C%7C&sdata=pbPzR2vsSF8dKjaOCG5DeOMzqcLZo6tEPvNDJWynaTQ%3D&r
> >>> eserved=0
> >>>
> >>> This diff file shows all changes made during AUTH48:
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679-auth48diff.html&data=05%7C02%7C%
> >>> 7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaa
> >>> a%7C1%7C0%7C638691140465104166%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hc
> >>> GkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUI
> >>> joyfQ%3D%3D%7C0%7C%7C%7C&sdata=GW6JGkFDyHXApETPyRO9Gd6o1ZRJwrtYrqIFm
> >>> 1eP8RY%3D&reserved=0
> >>>
> >>> These diff files show only changes made during the last edit round:
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679-lastdiff.html&data=05%7C02%7C%7C
> >>> 9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%
> >>> 7C1%7C0%7C638691140465115074%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGk
> >>> iOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjo
> >>> yfQ%3D%3D%7C0%7C%7C%7C&sdata=BQ2SWfFPQo2nOGoRFi9eE7eh8ELr62cvtgXhZjX
> >>> wVR8%3D&reserved=0
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679-lastrfcdiff.html&data=05%7C02%7C
> >>> %7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaa
> >>> aa%7C1%7C0%7C638691140465126114%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1h
> >>> cGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldU
> >>> IjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YTINm31Pzmtm9PuAJ5Jmo0EVHr3irXXJD%2B
> >>> 6yX40l%2Fo0%3D&reserved=0
> >>>
> >>> This diff file shows all changes made to date:
> >>> https://www/
> >>> .rfc-editor.org%2Fauthors%2Frfc9679-diff.html&data=05%7C02%7C%7C9544
> >>> d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%
> >>> 7C0%7C638691140465137113%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnR
> >>> ydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%
> >>> 3D%3D%7C0%7C%7C%7C&sdata=FGXOXzHwS%2FZNierdvtwwH7SQgwAE5P1OwPpARIv%2
> >>> F8P8%3D&reserved=0
> >>>
> >>> For the AUTH48 status of this document, please see:
> >>> https://www/
> >>> .rfc-editor.org%2Fauth48%2Frfc9679&data=05%7C02%7C%7C9544d46df66b4fa
> >>> d833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63869
> >>> 1140465148142%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOi
> >>> IwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7
> >>> C%7C%7C&sdata=V1fBW3dE4mG2Pi4xKstvtQwyLT5vcwCSWuOAIDPAqmk%3D&reserve
> >>> d=0
> >>>
> >>> Thank you,
> >>> RFC Editor/kc
> >>>
> >>>
> >>>> On Dec 4, 2024, at 7:26 AM, Orie Steele <orie@transmute.industries>
> wrote:
> >>>>
> >>>> Thank you!
> >>>>
> >>>> "cose key" should be "COSE Key",
> >>>>
> >>>> We could add "COSE Key as described in Section 7 of RFC9052" and
> "JSON Web Key, as described in Section 4 of RFC7517"
> >>>>
> >>>> If the citations are helpful... This is a style nit.
> >>>>
> >>>> I approve of the changes.
> >>>>
> >>>> On Tue, Dec 3, 2024 at 3:48 PM Karen Moore <kmo...@amsl.com> wrote:
> >>>> Authors,
> >>>>
> >>>> Thank you for the discussion and suggested changes.  Our files now
> reflect the updates below (see <
> https://www.rfc-editor.org/authors/rfc9679-lastrfcdiff.html> for a
> snapshot of the changes). Please review and let us know if these changes
> are agreeable or if any further updates are needed. We will then ask the AD
> to approve them.
> >>>>
> >>>> 1) Section 5.3
> >>>>
> >>>> OLD:
> >>>>  Any party in possession of a key that is represented as a COSE Key
> >>>> can  use the COSE Key Thumbprint.
> >>>>
> >>>> NEW:
> >>>>  The only prerequisites are that the COSE_Key representation  of
> >>>> the key be defined and the party creating the COSE Key Thumbprint
> >>>> be in possession of the necessary key material.
> >>>>
> >>>> ...
> >>>> 2) Addition of New Section. Note that we made “json web key”
> uppercase for consistency.
> >>>>
> >>>> NEW:
> >>>>  5.5 Relationship to JSON Web Key Thumbprints
> >>>>
> >>>>  The ckt of a cose key and jkt of a JSON Web Key are different,
> >>>> even when  underlying cryptographic key material is the same.
> >>>>
> >>>>  This document does not register a JWT claim for using ckt as a
> >>>> confirmation  method for a JWT or a CWT claim for using jkt as a
> confirmation method for a CWT.
> >>>>
> >>>> ...
> >>>> 3) Section 8
> >>>>
> >>>> OLD:
> >>>>  Confirmation Method Name:  ckt
> >>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >>>> Confirmation Method Name:  jkt
> >>>>
> >>>> NEW:
> >>>>  Confirmation Method Name:  ckt
> >>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint  JWT
> >>>> Confirmation Method Name: (none)
> >>>>
> >>>>
> >>>> —FILES (please refresh)—
> >>>>
> >>>> The updated XML file is here:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679.xml&data=05%7C02%7C%7C9544d46d
> >>>> f66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0
> >>>> %7C638691140465169721%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRyd
> >>>> WUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3
> >>>> D%3D%7C0%7C%7C%7C&sdata=ybjaVt1EwEj%2BEPa9wa5V2Jb%2FlY9RtOtaYVb7ZOm
> >>>> EGkw%3D&reserved=0
> >>>>
> >>>> The updated output files are here:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679.txt&data=05%7C02%7C%7C9544d46d
> >>>> f66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0
> >>>> %7C638691140465180567%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRyd
> >>>> WUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3
> >>>> D%3D%7C0%7C%7C%7C&sdata=czMW16qPcbahA%2BfUSC4fq9p%2F1UPUJJP8CR%2BWH
> >>>> Bc%2FByg%3D&reserved=0
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679.pdf&data=05%7C02%7C%7C9544d46d
> >>>> f66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0
> >>>> %7C638691140465191478%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRyd
> >>>> WUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3
> >>>> D%3D%7C0%7C%7C%7C&sdata=svfJ6nNkcPHgErawmc2gNhAADZcn8hHB1twcoPaKn38
> >>>> %3D&reserved=0
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679.html&data=05%7C02%7C%7C9544d46
> >>>> df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C
> >>>> 0%7C638691140465203657%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRy
> >>>> dWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%
> >>>> 3D%3D%7C0%7C%7C%7C&sdata=LLQbP9vw%2FCoZyuOIsrcih%2BI6vaBsMt7MjFhHoP
> >>>> p5tj4%3D&reserved=0
> >>>>
> >>>> This diff file shows all changes made during AUTH48:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679-auth48diff.html&data=05%7C02%7
> >>>> C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaa
> >>>> aaaa%7C1%7C0%7C638691140465214410%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0e
> >>>> U1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIs
> >>>> IldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=CWMJs49ps76shRZc0uAIaBU0KsdJ9JQ
> >>>> 6FioGa7H5iLA%3D&reserved=0
> >>>>
> >>>> These diff files show only changes made during the last edit round:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679-lastdiff.html&data=05%7C02%7C%
> >>>> 7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaa
> >>>> aa%7C1%7C0%7C638691140465224906%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1
> >>>> hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIl
> >>>> dUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=BQ0cX0W%2BW9vcbiX0ezMGrtGWYkHBjWM
> >>>> 5tkeTscYVCto%3D&reserved=0
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679-lastrfcdiff.html&data=05%7C02%
> >>>> 7C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaa
> >>>> aaaaa%7C1%7C0%7C638691140465235814%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0
> >>>> eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCI
> >>>> sIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=MKebtlbx92dwZEuZWWx%2BgszkRZvl
> >>>> %2FHfUY83Ef5TK1rk%3D&reserved=0
> >>>>
> >>>> This diff file shows all changes made to date:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauthors%2Frfc9679-diff.html&data=05%7C02%7C%7C95
> >>>> 44d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7
> >>>> C1%7C0%7C638691140465246378%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGk
> >>>> iOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIj
> >>>> oyfQ%3D%3D%7C0%7C%7C%7C&sdata=kWD18%2BJo2%2FxJQ%2F0G187xs4c2WkTSyge
> >>>> 3wEtKK5gBaP0%3D&reserved=0
> >>>>
> >>>> For the AUTH48 status of this document, please see:
> >>>> https://ww/
> >>>> w.rfc-editor.org%2Fauth48%2Frfc9679&data=05%7C02%7C%7C9544d46df66b4
> >>>> fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63
> >>>> 8691140465257424%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl
> >>>> YiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%
> >>>> 7C0%7C%7C%7C&sdata=K1frRy3PTOkDxxSy0sJw1atwU5tn34OC65vx0b1%2BilY%3D
> >>>> &reserved=0
> >>>>
> >>>> Thank you,
> >>>> RFC Editor/kc
> >>>>
> >>>>> On Dec 3, 2024, at 7:55 AM, Hannes Tschofenig <
> hannes.tschofe...@gmail.com> wrote:
> >>>>>
> >>>>> Thanks for the insightful comment, Orie. I agree with your proposed
> edits for the IANA consideration section and the extra text before the
> section on relationship to certificate thumbprints.
> >>>>>
> >>>>> I am also fine with the additional text Mike proposed.
> >>>>>
> >>>>> It is indeed too late to add new functionality at this point in time.
> >>>>>
> >>>>> Ciao
> >>>>> Hannes
> >>>>>
> >>>>>
> >>>>> On Tue, Dec 3, 2024 at 3:13 AM Michael Jones <
> michael_b_jo...@hotmail.com> wrote:
> >>>>> I support adding the section that Orie proposed.
> >>>>>
> >>>>>
> >>>>>
> >>>>> However in reviewing related text, I unfortunately found a problem.
> Reading
> https://datatracker.ietf.org/doc/html/draft-ietf-cose-key-thumbprint-06#section-5.3,
> it differs from https://www.rfc-editor.org/rfc/rfc7638#section-3.5 in a
> counterproductive and overly restrictive way.  Please change:
> >>>>>
> >>>>>
> >>>>>
> >>>>> Any party in possession of a key that is represented as a COSE Key
> >>>>> can
> >>>>>
> >>>>> use the COSE Key Thumbprint.
> >>>>>
> >>>>>
> >>>>>
> >>>>> to:
> >>>>>
> >>>>>
> >>>>>
> >>>>> The only prerequisites are that the COSE_Key representation
> >>>>>
> >>>>> of the key be defined and the party creating the COSE Key
> >>>>> Thumbprint
> >>>>>
> >>>>> be in possession of the necessary key material.
> >>>>>
> >>>>>
> >>>>>
> >>>>> That way it will be more actionable and will parallel the
> corresponding RFC 7638 text.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Thanks all,
> >>>>>
> >>>>>                                                               --
> >>>>> Mike
> >>>>>
> >>>>>
> >>>>>
> >>>>> From: Orie Steele <orie@transmute.industries>
> >>>>> Sent: Monday, December 2, 2024 5:55 PM
> >>>>> To: Michael Jones <michael_b_jo...@hotmail.com>
> >>>>> Cc: Hannes Tschofenig <hannes.tschofe...@gmail.com>; Hannes
> >>>>> Tschofenig <hannes.tschofe...@gmx.net>; RFC Editor
> >>>>> <rfc-edi...@rfc-editor.org>; Isobe Kohei <isobeko...@gmail.com>;
> >>>>> cose-...@ietf.org; Cose Chairs Wg <cose-cha...@ietf.org>; Paul
> >>>>> Wouters <paul.wout...@aiven.io>; auth48archive
> >>>>> <auth48archive@rfc-editor.org>
> >>>>> Subject: Re: AUTH48: RFC-to-be 9679
> >>>>> <draft-ietf-cose-key-thumbprint-06> for your review
> >>>>>
> >>>>>
> >>>>>
> >>>>> Let's add a section to the document, before the section on
> relationship to certificate thumbprints.
> >>>>>
> >>>>>
> >>>>>
> >>>>> 5.5 Relationship to JSON Web Key Thumbprints
> >>>>>
> >>>>>
> >>>>>
> >>>>> The ckt of a cose key, and jkt of a json web key are different, even
> when underlying cryptographic key material is the same.
> >>>>>
> >>>>>
> >>>>>
> >>>>> This document does not register a JWT claim for using ckt as a
> confirmation method for a JWT, or a CWT claim for using jkt as a
> confirmation method for a CWT.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Mon, Dec 2, 2024, 6:26 PM Orie Steele <orie@transmute.industries>
> wrote:
> >>>>>
> >>>>> I agree, let's just stick with the simple (none) solution.
> >>>>>
> >>>>>
> >>>>>
> >>>>> Hannes can you approve or suggest changes to the clarifying text
> that makes it clear this is not an oversight?
> >>>>>
> >>>>>
> >>>>>
> >>>>> Mike, do you object to that clarifying text assuming we take you
> change to the IANA considerations section?
> >>>>>
> >>>>>
> >>>>>
> >>>>> OS
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Mon, Dec 2, 2024, 5:56 PM Michael Jones <
> michael_b_jo...@hotmail.com> wrote:
> >>>>>
> >>>>> I’m either fine with Orie’s proposed change to the registration
> wording or the following one:
> >>>>>
> >>>>>
> >>>>>
> >>>>> From:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name:  jkt
> >>>>>
> >>>>> To:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name: (none)
> >>>>>
> >>>>> For the record, I’m not OK trying to add a ckt JWT “cnf” method as
> an AUTH48 action (despite me appreciating Orie’s discussion of the
> possibility).
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Cheers,
> >>>>>
> >>>>>                                                               --
> >>>>> Mike
> >>>>>
> >>>>>
> >>>>>
> >>>>> From: Orie Steele <orie@transmute.industries>
> >>>>> Sent: Monday, December 2, 2024 2:55 PM
> >>>>> To: Hannes Tschofenig <hannes.tschofe...@gmail.com>
> >>>>> Cc: Hannes Tschofenig <hannes.tschofe...@gmx.net>; RFC Editor
> >>>>> <rfc-edi...@rfc-editor.org>; Isobe Kohei <isobeko...@gmail.com>;
> >>>>> cose-...@ietf.org; Cose Chairs Wg <cose-cha...@ietf.org>; Michael
> >>>>> Jones <michael_b_jo...@hotmail.com>; Paul Wouters
> >>>>> <paul.wout...@aiven.io>; auth48archive@rfc-editor.org
> >>>>> Subject: Re: AUTH48: RFC-to-be 9679
> >>>>> <draft-ietf-cose-key-thumbprint-06> for your review
> >>>>>
> >>>>>
> >>>>>
> >>>>> This is indeed a bug, for extra assurance that it is a problem:
> >>>>>
> >>>>> How would you use a ckt to verify a JWT that was using "cnf"?
> >>>>>
> >>>>> Here is a more complete fix for the bug:
> >>>>>
> >>>>> https://d/
> >>>>> atatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-cose-key-thumbprint-
> >>>>> 06%23section-5.3&data=05%7C02%7C%7C9544d46df66b4fad833008dd163551d
> >>>>> a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638691140465289880%
> >>>>> 7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMC
> >>>>> IsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sd
> >>>>> ata=ZBvwAnUBGfT%2BqBIzr8O%2F1BfCk7G30uNd0Km1Ympuews%3D&reserved=0
> >>>>>
> >>>>> Note that the ckt of a cose key, and jkt of a json web key are
> different, even when underlying cryptographic key material is the same.
> >>>>>
> >>>>> ckt is a binary string and jkt is always a base64url string encoded
> as described in section 6.1 of RFC9449.
> >>>>> To use a ckt claim inside a JWT, the ckt claim value MUST be
> base64url encoded.
> >>>>> The example provided in section 6.1 of RFC9449 is modified to
> distinguish confirmation with a CKT instead of JKT:
> >>>>> {
> >>>>> "sub":"some...@example.com",
> >>>>> "iss":"https://na01.safelinks.protection.outlook.com/?url=https%3A
> >>>>> %2F%2Fserver.example.com%2F&data=05%7C02%7C%7C9544d46df66b4fad8330
> >>>>> 08dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63869114
> >>>>> 0465300783%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiI
> >>>>> wLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%
> >>>>> 7C%7C%7C&sdata=Cu%2BM21nJCIo93bexflhYWLtFa%2BdJI7smavIJA%2FSuCow%3
> >>>>> D&reserved=0",
> >>>>> "nbf":1562262611,
> >>>>> "exp":1562266216,
> >>>>> "cnf": {
> >>>>>   "ckt":"SWvYr63zB-WwjGSwQhv53AFSijRKQ72oj63RZp2iU-w"
> >>>>> }
> >>>>> }
> >>>>>
> >>>>> I used the same base64url encoded thumbprint the draft already used
> for extra clarity.
> >>>>>
> >>>>> ckt would also need to be added here:
> >>>>> https://w/
> >>>>> ww.iana.org%2Fassignments%2Fjwt%2Fjwt.xhtml%23confirmation-methods
> >>>>> &data=05%7C02%7C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f6
> >>>>> 40afb435aaaaaaaaaaaa%7C1%7C0%7C638691140465311278%7CUnknown%7CTWFp
> >>>>> bGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMi
> >>>>> IsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=a6xSVN2MN1U%
> >>>>> 2BULiMQ6Ie%2BVoiEhw26l1ZYGLi90Y5eMg%3D&reserved=0
> >>>>>
> >>>>> This kind of change might need to be taken to the relevant lists for
> review... and maybe another WGLC.
> >>>>>
> >>>>> ... we could leave the "ckt" in JWT cnf registration to another
> document, but I think at a minimum we need something added to section 5.3
> to the effect of:
> >>>>>
> >>>>> Note that the ckt of a cose key, and jkt of a json web key are
> different, even when underlying cryptographic key material is the same.
> >>>>> ckt is a binary string and jkt is always a base64url string encoded
> as described in section 6.1 of RFC9449.
> >>>>>
> >>>>> ^ If we are comfortable with this change alone, we still have a
> problem with the registration template:
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Frfc%2Frfc8747.html%23name-registration-templat
> >>>>> e&data=05%7C02%7C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f
> >>>>> 640afb435aaaaaaaaaaaa%7C1%7C0%7C638691140465322198%7CUnknown%7CTWF
> >>>>> pbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zM
> >>>>> iIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=MegV9xM3Bdk
> >>>>> 2%2Bi%2BF7KXaLbdMuDj0cDAugZkgLYOotDU%3D&reserved=0
> >>>>>
> >>>>> """
> >>>>> CWT claims should normally have a corresponding JWT claim. If a
> corresponding JWT claim would not make sense, the designated experts can
> choose to accept registrations for which the JWT Claim Name is listed as
> "N/A".
> >>>>> """
> >>>>>
> >>>>> The logical JWT claim is "ckt"... not "jkt"... so N/A... does not
> make sense... and leaving it blank also does not make sense.
> >>>>>
> >>>>> There is also the x5t claim which sets the precedent that ckt is for
> cose key, jkt is for json web key, and x5t is for x.509 certs.
> >>>>>
> >>>>> I propose:
> >>>>>
> >>>>> From:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name:  jkt
> >>>>>
> >>>>> To:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name: Not assigned by RFCXXXX ( not to be
> >>>>> confused with x5t or jkt )
> >>>>>
> >>>>>
> >>>>> OS
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Mon, Dec 2, 2024 at 4:14 PM Hannes Tschofenig <
> hannes.tschofe...@gmail.com> wrote:
> >>>>>
> >>>>> Thanks for the work on the draft and sorry for the slow response.
> >>>>>
> >>>>>
> >>>>>
> >>>>> I read through the draft carefully today and in general the edits
> look good but I noticed a possible bug.
> >>>>>
> >>>>>
> >>>>>
> >>>>> In the IANA consideration section we say that the ckt confirmation
> method maps to the jkt JWT configuration method. I double-checked RFC 9449,
> which defines the jkt, and it defines the computation as follows:
> >>>>>
> >>>>> "
> >>>>> The value of the jkt member MUST be the base64url encoding
> >>>>>
> >>>>> of the JWK SHA-256 Thumbprint.
> >>>>> "
> >>>>>
> >>>>> In draft-ietf-cose-key-thumbprint-06 we define the ckt thumbprint as
> the hash of the deterministic encoding of the COSE_Key structure.
> >>>>>
> >>>>>
> >>>>>
> >>>>> So, the question to me is whether we can even map the ckt to the jkt
> since the underlying structure that is hashed is different: JWK vs.
> COSE_Key structure.
> >>>>>
> >>>>>
> >>>>>
> >>>>> For that reason I believe it would be more correct to change the
> IANA consideration section by omitting the JWT Confirmation Method Name.
> >>>>>
> >>>>> Here is the proposed change:
> >>>>>
> >>>>> From:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name:  jkt
> >>>>>
> >>>>>
> >>>>> To:
> >>>>>
> >>>>>  Confirmation Method Name:  ckt
> >>>>>  Confirmation Method Description:  COSE Key SHA-256 Thumbprint
> >>>>> JWT Confirmation Method Name:
> >>>>>
> >>>>>
> >>>>> Do you agree with me?
> >>>>>
> >>>>>
> >>>>>
> >>>>> Sorry for noticing this issue only now.
> >>>>>
> >>>>>
> >>>>>
> >>>>> Ciao
> >>>>>
> >>>>> Hannes
> >>>>>
> >>>>>
> >>>>>
> >>>>> Betreff:
> >>>>>
> >>>>> AUTH48: RFC-to-be 9679 <draft-ietf-cose-key-thumbprint-06> for
> >>>>> your review
> >>>>>
> >>>>> Datum:
> >>>>>
> >>>>> Mon, 21 Oct 2024 14:30:59 -0700 (PDT)
> >>>>>
> >>>>> Von:
> >>>>>
> >>>>> rfc-edi...@rfc-editor.org
> >>>>>
> >>>>> An:
> >>>>>
> >>>>> isobeko...@gmail.com, hannes.tschofe...@gmx.net,
> >>>>> orie@transmute.industries
> >>>>>
> >>>>> Kopie (CC):
> >>>>>
> >>>>> rfc-edi...@rfc-editor.org, cose-...@ietf.org,
> >>>>> cose-cha...@ietf.org, michael_b_jo...@hotmail.com,
> >>>>> paul.wout...@aiven.io, auth48archive@rfc-editor.org
> >>>>>
> >>>>>
> >>>>>
> >>>>> *****IMPORTANT*****
> >>>>>
> >>>>> Updated 2024/10/21
> >>>>>
> >>>>> RFC Author(s):
> >>>>> --------------
> >>>>>
> >>>>> Instructions for Completing AUTH48
> >>>>>
> >>>>> Your document has now entered AUTH48. Once it has been reviewed and
> approved by you and all coauthors, it will be published as an RFC. If an
> author is no longer available, there are several remedies available as
> listed in the FAQ (https://www.rfc-editor.org/faq/).
> >>>>>
> >>>>> You and you coauthors are responsible for engaging other parties
> (e.g., Contributors or Working Group) as necessary before providing your
> approval.
> >>>>>
> >>>>> Planning your review ---------------------
> >>>>>
> >>>>> Please review the following aspects of your document:
> >>>>>
> >>>>> * RFC Editor questions
> >>>>>
> >>>>> Please review and resolve any questions raised by the RFC Editor
> that have been included in the XML file as comments marked as follows:
> >>>>>
> >>>>> <!-- [rfced] ... -->
> >>>>>
> >>>>> These questions will also be sent in a subsequent email.
> >>>>>
> >>>>> * Changes submitted by coauthors
> >>>>> Please ensure that you review any changes submitted by your
> coauthors. We assume that if you do not speak up that you agree to changes
> submitted by your coauthors.
> >>>>>
> >>>>> * Content
> >>>>> Please review the full content of the document, as this cannot
> change once the RFC is published. Please pay particular attention to:
> >>>>> - IANA considerations updates (if applicable)
> >>>>> - contact information
> >>>>> - references
> >>>>>
> >>>>> * Copyright notices and legends
> >>>>>
> >>>>> Please review the copyright notice and legends as defined in RFC
> >>>>> 5378 and the Trust Legal Provisions (TLP –
> https://trustee.ietf.org/license-info).
> >>>>>
> >>>>> * Semantic markup
> >>>>>
> >>>>> Please review the markup in the XML file to ensure that elements of
> content are correctly tagged. For example, ensure that <sourcecode> and
> <artwork> are set correctly. See details at <
> https://authors.ietf.org/rfcxml-vocabulary>.
> >>>>>
> >>>>> * Formatted output
> >>>>>
> >>>>> Please review the PDF, HTML, and TXT files to ensure that the
> formatted output, as generated from the markup in the XML file, is
> reasonable. Please note that the TXT will have formatting limitations
> compared to the PDF and HTML.
> >>>>>
> >>>>>
> >>>>> Submitting changes
> >>>>> ------------------
> >>>>>
> >>>>> To submit changes, please reply to this email using ‘REPLY ALL’ as
> all the parties CCed on this message need to see your changes. The parties
> include:
> >>>>>
> >>>>> * your coauthors
> >>>>> * rfc-edi...@rfc-editor.org (the RPC team)
> >>>>>
> >>>>> * other document participants, depending on the stream (e.g., IETF
> Stream participants are your working group chairs, the responsible ADs, and
> the document shepherd).
> >>>>> * auth48archive@rfc-editor.org, which is a new archival mailing
> list to preserve AUTH48 conversations; it is not an active discussion list:
> >>>>> * More info:
> >>>>> https://m/
> >>>>> ailarchive.ietf.org%2Farch%2Fmsg%2Fietf-announce%2Fyb6lpIGh-4Q9l2U
> >>>>> SxIAe6P8O4Zc&data=05%7C02%7C%7C9544d46df66b4fad833008dd163551da%7C
> >>>>> 84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638691140465367921%7CUn
> >>>>> known%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIl
> >>>>> AiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=
> >>>>> obkx%2F40yWUGklVC2%2BYJOxWHa8g1LEBHGVq8w8PJo4OE%3D&reserved=0
> >>>>> * The archive itself:
> >>>>> https://m/
> >>>>> ailarchive.ietf.org%2Farch%2Fbrowse%2Fauth48archive%2F&data=05%7C0
> >>>>> 2%7C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaa
> >>>>> aaaaaaaa%7C1%7C0%7C638691140465379116%7CUnknown%7CTWFpbGZsb3d8eyJF
> >>>>> bXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTW
> >>>>> FpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=d%2BHWx1t%2FHc3FWu%2Bf5Z
> >>>>> MA2K6%2Bqzjr%2FvYTlSqs9JRDU1g%3D&reserved=0
> >>>>>
> >>>>> * Note: If only absolutely necessary, you may temporarily opt out of
> the archiving of messages (e.g., to discuss a sensitive matter).
> >>>>> If needed, please add a note at the top of the message that you have
> dropped the address. When the discussion is concluded,
> auth48archive@rfc-editor.org will be re-added to the CC list and its
> addition will be noted at the top of the message.
> >>>>> You may submit your changes in one of two ways:
> >>>>>
> >>>>> An update to the provided XML file — OR — An explicit list of
> >>>>> changes in this format
> >>>>>
> >>>>> Section # (or indicate Global)
> >>>>>
> >>>>> OLD:
> >>>>> old text
> >>>>>
> >>>>> NEW:
> >>>>> new text
> >>>>>
> >>>>> You do not need to reply with both an updated XML file and an
> explicit list of changes, as either form is sufficient.
> >>>>>
> >>>>> We will ask a stream manager to review and approve any changes
> >>>>> that seem beyond editorial in nature, e.g., addition of new text,
> deletion of text, and technical changes. Information about stream managers
> can be found in the FAQ. Editorial changes do not require approval from a
> stream manager.
> >>>>>
> >>>>>
> >>>>> Approving for publication
> >>>>> --------------------------
> >>>>>
> >>>>> To approve your RFC for publication, please reply to this email
> >>>>> stating that you approve this RFC for publication. Please use
> >>>>> ‘REPLY ALL’, as all the parties CCed on this message need to see
> your approval.
> >>>>>
> >>>>>
> >>>>> Files -----
> >>>>>
> >>>>> The files are available here:
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679.xml&data=05%7C02%7C%7C9544d4
> >>>>> 6df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%
> >>>>> 7C0%7C638691140465389898%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiO
> >>>>> nRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjo
> >>>>> yfQ%3D%3D%7C0%7C%7C%7C&sdata=tcSkll368Dg%2BzOMSk%2FRb%2FWNyBUXimvr
> >>>>> NaW0UybSTx%2Fs%3D&reserved=0
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679.html&data=05%7C02%7C%7C9544d
> >>>>> 46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1
> >>>>> %7C0%7C638691140465400400%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGki
> >>>>> OnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIj
> >>>>> oyfQ%3D%3D%7C0%7C%7C%7C&sdata=j1DCaezvNW8XL2%2FhW58e7EccIiR%2FtILE
> >>>>> AkyeaVlHX0c%3D&reserved=0
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679.pdf&data=05%7C02%7C%7C9544d4
> >>>>> 6df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%
> >>>>> 7C0%7C638691140465411063%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiO
> >>>>> nRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjo
> >>>>> yfQ%3D%3D%7C0%7C%7C%7C&sdata=zcQN%2FWA5p2O%2Bxpl2osMNyXaG4If8yNUo3
> >>>>> 6WCuhwh1ng%3D&reserved=0
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679.txt&data=05%7C02%7C%7C9544d4
> >>>>> 6df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%
> >>>>> 7C0%7C638691140465421715%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiO
> >>>>> nRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjo
> >>>>> yfQ%3D%3D%7C0%7C%7C%7C&sdata=OKgr9qYu8sbcVXqe4JdTALXhd8wgRVCabtqC0
> >>>>> d7sNtk%3D&reserved=0
> >>>>>
> >>>>> Diff file of the text:
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679-diff.html&data=05%7C02%7C%7C
> >>>>> 9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaa
> >>>>> a%7C1%7C0%7C638691140465432408%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1
> >>>>> hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsI
> >>>>> ldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dqdmC05LpkNX37Haih7URniw9P%2Baa
> >>>>> P5Iin4%2F0bmNdU4%3D&reserved=0
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679-rfcdiff.html&data=05%7C02%7C
> >>>>> %7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaa
> >>>>> aaaa%7C1%7C0%7C638691140465443134%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0
> >>>>> eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbC
> >>>>> IsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=MaQUhUwZo%2BWsex%2FYXkUXZHtM
> >>>>> 6Pln4QBnpO0dhxTyCQk%3D&reserved=0 (side by side)
> >>>>>
> >>>>> Diff of the XML:
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauthors%2Frfc9679-xmldiff1.html&data=05%7C02%7
> >>>>> C%7C9544d46df66b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaa
> >>>>> aaaaa%7C1%7C0%7C638691140465453825%7CUnknown%7CTWFpbGZsb3d8eyJFbXB
> >>>>> 0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpb
> >>>>> CIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FQ8eUMTddYOqhvN%2FtyBTiBeLk
> >>>>> kkiaavzAAZwALEXVCg%3D&reserved=0
> >>>>>
> >>>>>
> >>>>> Tracking progress
> >>>>> -----------------
> >>>>>
> >>>>> The details of the AUTH48 status of your document are here:
> >>>>> https://w/
> >>>>> ww.rfc-editor.org%2Fauth48%2Frfc9679&data=05%7C02%7C%7C9544d46df66
> >>>>> b4fad833008dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7
> >>>>> C638691140465464782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW
> >>>>> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3
> >>>>> D%3D%7C0%7C%7C%7C&sdata=hnDXLcg9vwznYUysGzdoJwz4srLanOzY%2BR1gld57
> >>>>> hp8%3D&reserved=0
> >>>>>
> >>>>> Please let us know if you have any questions.
> >>>>> Thank you for your cooperation,
> >>>>>
> >>>>> RFC Editor
> >>>>>
> >>>>> --------------------------------------
> >>>>> RFC9679 (draft-ietf-cose-key-thumbprint-06)
> >>>>>
> >>>>> Title : CBOR Object Signing and Encryption (COSE) Key Thumbprint
> >>>>> Author(s) : K. Isobe, H. Tschofenig, O. Steele WG Chair(s) :
> >>>>> Matthew A. Miller, Ivaylo Petrov, Michael B. Jones
> >>>>>
> >>>>> Area Director(s) : Deb Cooley, Paul Wouters
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>>
> >>>>>
> >>>>> ORIE STEELE
> >>>>> Chief Technology Officer
> >>>>> http://ww/
> >>>>> w.transmute.industries%2F&data=05%7C02%7C%7C9544d46df66b4fad833008
> >>>>> dd163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C6386911404
> >>>>> 65475371%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwL
> >>>>> jAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C
> >>>>> %7C%7C&sdata=wLqU3MNLNYTqffiEL9zMRDDkXHYGRpuPObM93Swn4JA%3D&reserv
> >>>>> ed=0
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>>
> >>>> ORIE STEELE
> >>>> Chief Technology Officer
> >>>> http://www/
> >>>> .transmute.industries%2F&data=05%7C02%7C%7C9544d46df66b4fad833008dd
> >>>> 163551da%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C6386911404654
> >>>> 87222%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuM
> >>>> DAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7
> >>>> C&sdata=wNvQdi82LeneJ19AqYYISfVEA%2BYLywAZ3ec%2BymPIVSE%3D&reserved
> >>>> =0
> >>>>
> >>>
> >>
> >
>
>

-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

-- 
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org