Re: [Ace] Adam Roach's No Objection on draft-ietf-ace-cbor-web-token-13: (with COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Thu, 08 March 2018 05:47 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AA7F1241F3; Wed, 7 Mar 2018 21:47:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8XiApjeMp1CU; Wed, 7 Mar 2018 21:47:15 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0110.outbound.protection.outlook.com [104.47.37.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 412D11201FA; Wed, 7 Mar 2018 21:47:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ofr78WPy9YccVdFw1sR0qD13WOR/NvHub/r6Jap4sf0=; b=oQkAiYwhFMiQ8LnDYJR2og6MwAnbILa8w10CTCpwPvVrDFQHgX2tdlhdQFQlFdXie1FOy5QiXn/k5THsKCvai2vVLmvnbrj/4+e41noUfSrityAWZDUSBJj5k8GyriAQONEYn102xh/chc26mCh/CiAZq5al/TPaJ6fcuDd4sMI=
Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB0942.namprd21.prod.outlook.com (52.132.114.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.588.7; Thu, 8 Mar 2018 05:47:13 +0000
Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0588.008; Thu, 8 Mar 2018 05:47:13 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Adam Roach <adam@nostrum.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-ace-cbor-web-token@ietf.org" <draft-ietf-ace-cbor-web-token@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: Adam Roach's No Objection on draft-ietf-ace-cbor-web-token-13: (with COMMENT)
Thread-Index: AQHTtnEvK2OssFOs2U+GLb0WT/+1z6PFvb+AgAAV27A=
Date: Thu, 08 Mar 2018 05:47:13 +0000
Message-ID: <SN6PR2101MB094361203E6C9741F2511A7EF5DF0@SN6PR2101MB0943.namprd21.prod.outlook.com>
References: <152046753224.21454.8592401400498503627.idtracker@ietfa.amsl.com> <20180308042415.GA27850@mit.edu>
In-Reply-To: <20180308042415.GA27850@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [50.47.88.236]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0942; 7:0ac1SYy2BDvVFImJnZPF3jLWXb9clg6rw5wNxK93bdlbBIo8X74MFv15RtFSqjsD4I+DDYp4ZeMcL9m/aw3hiI6Jit3FlQve9hXTki+6hHiNw3bsd/brcbMYUgBwyYcUq8UJXM6b8/PMK7KyLD5qRzkr1UFTs1kSedM7wOmkINJxhKLSfVdLQAdWzeCpFTqxp4NXYwHOT6dwQNV8WrJRaiSeA0yQjnb4qscuRttdMD1n2cDl0qr/G8gncQaocbbe; 20:8wdHF9iZddPZzyAh3ZWhEvNQmCsMdMIsm8mjPK6FTw2BWyRUGaHq5j4uHa7PfvokrWcJIPn2+zHX/nFjh2pwONRriGl4oZrxYNd2AcAUAMCJnvxZZNa9CGYl66DMW1pYaZCXhTVYoChlhbZ/6CMlOvNX4HCXeeZ0yOhdkdVgPvI=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 300171c8-ffa0-4cf0-7a31-08d584b80b0c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:SN6PR2101MB0942;
x-ms-traffictypediagnostic: SN6PR2101MB0942:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-prvs: <SN6PR2101MB0942711629AFB43F8946963FF5DF0@SN6PR2101MB0942.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(788757137089)(240460790083961);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231220)(944501244)(52105095)(6055026)(61426038)(61427038)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:SN6PR2101MB0942; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0942;
x-forefront-prvs: 060503E79B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(39380400002)(366004)(346002)(396003)(189003)(199004)(51444003)(13464003)(10090500001)(3280700002)(2906002)(6506007)(53546011)(55016002)(8936002)(5250100002)(26005)(105586002)(6436002)(97736004)(72206003)(6246003)(316002)(59450400001)(9686003)(22452003)(106356001)(2171002)(478600001)(76176011)(2900100001)(86362001)(110136005)(86612001)(54906003)(53936002)(10290500003)(229853002)(14454004)(74316002)(25786009)(3846002)(6116002)(99286004)(8676002)(81156014)(81166006)(5660300001)(68736007)(8990500004)(66066001)(4326008)(3660700001)(7696005)(33656002)(102836004)(7736002)(305945005)(186003)(2950100002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0942; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: vgJDB+XuFiI/NxU4RJfsxrzGrkhyV6Tv1UWS9mfECUN5rIRmqI5ngM7ceYKemzH5gCnESlHI57hg2Fs2Ih55K6ZNTKpT+3s4IGw+jogrbTOPumshhppQbMF6Eurd1hyzLoVkbpS+O9lkv5ur96HzF/R1S2KQkkDeabbYrw+BYIu/at7GeWR9olCxCLyxRyOtRlJgmXpCeDjfXu3qA0MwiiesWFdlKoiC5gL+e1oPcaRBoMsGKLd+AAQBkb3pRLl/X+X3nDPHpA/aSMGzX9yLougdmRW8gaAbdcbPahi8nueoEWfrIRID1mw2j6Xpv2DDEJllILlBdW79Obf0jrre/g==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 300171c8-ffa0-4cf0-7a31-08d584b80b0c
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2018 05:47:13.5798 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0942
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/0SKXqIYAg7vJY2-G1MO_IJkJXU0>
Subject: Re: [Ace] Adam Roach's No Objection on draft-ietf-ace-cbor-web-token-13: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2018 05:47:17 -0000
Thanks, Ben and Adam. I've recoded a note to address the improvements below one the submission tool reopens. For what it's worth, I independently noticed the unintended overlap between the Standards Action and Specification Required number ranges in a conversation today with IANA. The point of including new CWT definitions for "StringOrURI" and "NumericDate" was so that we could use them directly. Prefixing them with "CWT" isn't necessary for the meaning to be clear in context. Thanks both for the attention to detail. -- Mike -----Original Message----- From: Benjamin Kaduk <kaduk@mit.edu> Sent: Wednesday, March 7, 2018 8:24 PM To: Adam Roach <adam@nostrum.com> Cc: The IESG <iesg@ietf.org>; draft-ietf-ace-cbor-web-token@ietf.org; ace-chairs@ietf.org; ace@ietf.org Subject: Re: Adam Roach's No Objection on draft-ietf-ace-cbor-web-token-13: (with COMMENT) Hi Adam, With my shepherd hat... On Wed, Mar 07, 2018 at 04:05:32PM -0800, Adam Roach wrote: > > Thanks to the WG, chairs, and > > §3.1.1: > > > The "iss" (issuer) claim has the same meaning and processing rules > > as the "iss" claim defined in Section 4.1.1 of [RFC7519], except > > that the value is of type StringOrURI. The Claim Key 1 is used to > > identify this claim. > > > 1) Given that RFC 7159 defines "iss" to contain a "StringOrURI" value, it's > not clear what the "except" clause is attempting to convey. I had to ask about this as well -- the crux is that the "StringOrURI" JWT type is different from the CWT "StringOrURI" type. IIRC there used to be an extra descriptor in here but it was removed as redundant. > 2) Given the many uses of the word "type" in this context (including CBOR > types and the JWT 'typ' field), and given that RFC 7519 never refers to > "StringOrURI" as a "type," I think that the use of the word "type" here > is likely to lead to reader confusion. In combination with the above, maybe we want "the value is a CWT StringOrURI value". Authors? > This comment -- or a congruent form of it involving "NumericDate" > rather than "StringOrURI" -- applies to §3.1.2 through §3.1.6. (Right.) > ---------------------------------------------------------------------- > ----- > > §9.1: > > > Criteria that should be applied by the Designated Experts includes > > determining whether the proposed registration duplicates existing > > functionality, whether it is likely to be of general applicability > > or whether it is useful only for a single application, and whether > > the registration description is clear. Registrations for the > > limited set of values between -256 and 255 and strings of length 1 > > are to be restricted to claims with general applicability. > > Use of the word "between" without qualifying it as inclusive or > exclusive of the endpoints is ambiguous. Suggest either "values from > -256 to 255" or "values between -256 and 255 inclusive". Agreed, it should be qualified as inclusive. > ---------------------------------------------------------------------- > ----- > > §9.1.1: > > > CBOR map key for the claim. Different ranges of values use > > different registration policies [RFC8126]. Integer values between > > -256 and 255 and strings of length 1 are designated as Standards > > Action. Integer values from -65536 to 65535 and strings of length > > 2 are designated as Specification Required > > Same comment as above. > > Also, please replace "from -65536 to 65535" with "from -65536 to -257 > and from > 256 to 65535". Good catch! Thanks, Ben
- [Ace] Adam Roach's No Objection on draft-ietf-ace… Adam Roach
- Re: [Ace] Adam Roach's No Objection on draft-ietf… Benjamin Kaduk
- Re: [Ace] Adam Roach's No Objection on draft-ietf… Mike Jones
- Re: [Ace] Adam Roach's No Objection on draft-ietf… Adam Roach
- Re: [Ace] Adam Roach's No Objection on draft-ietf… Mike Jones
- Re: [Ace] Adam Roach's No Objection on draft-ietf… Jim Schaad