<div dir="ltr"><div>No, not really. I was just looking to validate my own implementation and using (abusing) these lists seemed like a decent way to do it. <br><br></div>I mean, from a developer's perspective, I find examples that can be used to validate implementation to be extremely useful.  But, at this point, RFC 7638 is probably just fine as it is.  <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 22, 2015 at 1:45 PM, Jim Schaad <span dir="ltr"><<a href="mailto:ietf@augustcellars.com" target="_blank">ietf@augustcellars.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Brian,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Are you thinking that the set of examples should be expanded?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Jim<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt"><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span 
style="font-size:11.0pt;font-family:"Calibri",sans-serif"> jose [mailto:<a href="mailto:jose-bounces@ietf.org" target="_blank">jose-bounces@ietf.org</a>] <b>On Behalf Of </b>Brian Campbell<br><b>Sent:</b> Tuesday, September 22, 2015 10:47 AM<br><b>To:</b> Manger, James <<a href="mailto:James.H.Manger@team.telstra.com" target="_blank">James.H.Manger@team.telstra.com</a>><br><b>Cc:</b> <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>> <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>; <a href="mailto:jose@ietf.org" target="_blank">jose@ietf.org</a><br><b>Subject:</b> Re: [jose] [Openid-specs-ab] JWK Thumbprint / RFC 7638<u></u><u></u></span></p></div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><div><div><p class="MsoNormal" style="margin-bottom:12.0pt">Thanks James. That's still useful validation.  <u></u><u></u></p></div><p class="MsoNormal">For whatever it's worth, shortly after I sent the message yesterday I noticed the nimbus library announced support for JWK thumbprints. So I compared some results with that implementation. Nimbus had a small defect calculating thumbprints for "oct" key types but, once that was fixed, also produced the same results. So I'm reasonably confident these examples are correct. 
<u></u><u></u></p></div><div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p></div></div></div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">On Mon, Sep 21, 2015 at 6:09 PM, Manger, James <<a href="mailto:James.H.Manger@team.telstra.com" target="_blank">James.H.Manger@team.telstra.com</a>> wrote:<u></u><u></u></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in"><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" lang="EN-AU">I got the same results, Brian — though using some manual tools, not a proper library.</span><span lang="EN-AU"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" lang="EN-AU"> </span><span lang="EN-AU"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" lang="EN-AU">--</span><span lang="EN-AU"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" lang="EN-AU">James Manger</span><span lang="EN-AU"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" lang="EN-AU"> </span><span lang="EN-AU"><u></u><u></u></span></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> Openid-specs-ab [mailto:<a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank">openid-specs-ab-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Brian Campbell<br><b>Sent:</b> Tuesday, 22 September 2015 1:43 AM<br><b>To:</b> <a href="mailto:jose@ietf.org" target="_blank">jose@ietf.org</a>; <<a 
href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>><br><b>Subject:</b> [Openid-specs-ab] JWK Thumbprint / RFC 7638</span><span lang="EN-AU"><u></u><u></u></span></p></div><div><div><p class="MsoNormal"><span lang="EN-AU"> <u></u><u></u></span></p><div><p class="MsoNormal"><span lang="EN-AU">I added JWK Thumbprint support to my <a href="https://bitbucket.org/b_c/jose4j" target="_blank">JOSE/JWT library</a> this morning. Does anyone else have an implementation handy?<br><br>The <a href="http://tools.ietf.org/html/rfc7638#section-3.1" target="_blank">example in section 3.1</a> provided a nice opportunity to check my work with an "RSA" key type. However, there are no examples for "EC" or "oct" keys. While it should be pretty straightforward to implement, for me anyway, dumb little mistakes are certainly within the realm of possibility. So, if anyone would like to check their work against mine, a few JWKs followed by the base64url encoded SHA-256 hash of the RFC 7638 thumbprint are below. 
I'd be interested to hear if folks can (hopefully) reproduce the same results.<u></u><u></u></span></p><div><p class="MsoNormal"><span style="font-family:"Courier New"" lang="EN-AU"><br>{"kty":"oct",<br> "k":"ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"}<br>7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g<br><br><br>{"kty":"EC",<br> "x":"CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",<br> "y":"EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc",<br> "crv":"P-256"}<br>j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs<br><br><br>{"kty":"EC",<br> "x":"Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt",<br> "y":"ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu",<br> "crv":"P-521"}<br>rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg<br><br><br>{"kty":"EC",<br> "x":"2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ",<br> "y":"7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl",<br> "crv":"P-384"}<br>vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM<br><br><br>{"kty":"oct","k":"NGbwp1rC4n85A1SaNxoHow"}<br>5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk</span><span lang="EN-AU"><u></u><u></u></span></p></div></div></div></div></div></div></blockquote></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div></div></blockquote></div><br></div>
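<div>An added example, not part of the original thread and not code from jose4j or Nimbus: one way to compute an RFC 7638 thumbprint in Python and check it against three of the vectors posted in the first message (the P-384 and P-521 keys run through the same function). The names <code>jwk_thumbprint</code>, <code>REQUIRED</code>, <code>VECTORS</code> and <code>mismatches</code> are chosen here for illustration.</div>

```python
import base64
import hashlib
import json

# Required members per key type, RFC 7638 section 3.2.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "oct": ("k", "kty")}


def jwk_thumbprint(jwk):
    """base64url(SHA-256(canonical JSON of the required members)), unpadded."""
    names = REQUIRED.get(jwk.get("kty"))
    if names is None:
        raise ValueError(f"unsupported kty: {jwk.get('kty')!r}")
    missing = [n for n in names if n not in jwk]
    if missing:
        raise ValueError(f"missing required members: {missing}")
    if not all(isinstance(jwk[n], str) for n in names):
        raise ValueError("required members must be JSON strings")
    # Optional members (kid, use, alg, ...) are dropped; keys are sorted
    # lexicographically and serialized with no whitespace.
    canonical = json.dumps({n: jwk[n] for n in names}, sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# (JWK, thumbprint) pairs copied from the original message in this thread.
VECTORS = [
    ({"kty": "oct", "k": "ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"},
     "7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g"),
    ({"kty": "EC", "crv": "P-256",
      "x": "CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",
      "y": "EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc"},
     "j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs"),
    ({"kty": "oct", "k": "NGbwp1rC4n85A1SaNxoHow"},
     "5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk"),
]


def mismatches(vectors=VECTORS):
    """Return the vectors whose computed thumbprint differs from the posted one."""
    return [(jwk, want, jwk_thumbprint(jwk)) for jwk, want in vectors
            if jwk_thumbprint(jwk) != want]


if __name__ == "__main__":
    for jwk, want in VECTORS:
        print(jwk["kty"], jwk.get("crv", ""), jwk_thumbprint(jwk) == want)
```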