Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

Jim Schaad <ietf@augustcellars.com> Mon, 26 February 2018 21:47 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Dan Romascanu' <dromasca@gmail.com>
CC: 'gen-art' <gen-art@ietf.org>, ace@ietf.org, 'ietf' <ietf@ietf.org>, draft-ietf-ace-cbor-web-token.all@ietf.org
Date: Mon, 26 Feb 2018 13:47:31 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/tcgduukPjzgjxHs_mwuJV1S0jvk>

 

 

From: Dan Romascanu [mailto:dromasca@gmail.com] 
Sent: Monday, February 26, 2018 1:19 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: gen-art <gen-art@ietf.org>; ace@ietf.org; ietf <ietf@ietf.org>; draft-ietf-ace-cbor-web-token.all@ietf.org
Subject: Re: Genart telechat review of draft-ietf-ace-cbor-web-token-12

 

Hi Jim,

Thank you for your answer and for addressing my comments. 

On item #2: 



 

On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad <ietf@augustcellars.com> wrote:



> -----Original Message-----
> From: Dan Romascanu [mailto:dromasca@gmail.com]
>

 

... 

>
> 2. I am a little confused by the definition of policies in Section 9.1:
>
>    Depending upon the values being requested, registration requests are
>    evaluated on a Standards Track Required, Specification Required,
>    Expert Review, or Private Use basis [RFC8126] after a three-week
>    review period on the cwt-reg-review@ietf.org mailing list, on the
>    advice of one or more Designated Experts.
>
> How does this work? The request is forwarded to the designated expert,
> he/she makes a recommendation concerning the policy on the mail list, and
> depending on the feedback received a policy is selected? Who establishes
> consensus?
>
> Frankly, I wonder if this can work at all. Are there other examples of four
> different policies for the same registry, applied on a case-to-case basis?

This is the same approach that is being used for the COSE registries.  As an example, you can look at https://www.iana.org/assignments/cose/cose.xhtml#algorithms.

Part of the issue about this is that the JOSE/JWT registries do have the same different policies, but those differences are hidden from the IANA registry.  Since they allow for a URI to be used as the identifier of a field, only the plain text versions are registered.  Thus I can use "http://augustcellars.com/JWT/My_Tag" as an identifier.  Since for CBOR the set of tag values is closed and does not have this escape (nor would one want the length of the tag) it is necessary to have this breakdown of tag fields.




 

This does not seem to be exactly the same approach. The COSE RFC 8152 defines the registry policy in a different manner. There is only one policy that is proposed 'Expert Review' and then the Expert Review Instructions are used to define the cases when a Standards Track specification is required. No such text exists in the current I-D. There is no separation of the values space in the registry according to the type of assignment here, as in RFC 8152.

 

[JLS] The policies look to be the same to me, but I may be missing something that you are seeing.  Remember that Specification Required implies Expert Review.

Regards,

Dan