Re: [Acme] JOSE usage (was Re: WG meeting at IETF 93)

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 06 July 2015 15:19 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Richard Barnes <rlb@ipv.sx>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/-qia8dL64DmXpMQzmj_ZrzUUZoc>
Cc: "Salz, Rich" <rsalz@akamai.com>, Ted Hardie <ted.ietf@gmail.com>, "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] JOSE usage (was Re: WG meeting at IETF 93)

Not sure why you think that, can you elaborate?

All that is being proposed here is to get rid of the base64 armor which is
unnecessary in http because it is 8-bit clean by definition.

The intention is that this will be part of JOSE as-is.





On Mon, Jul 6, 2015 at 10:35 AM, Richard Barnes <rlb@ipv.sx> wrote:

> Dealing with JOSE nuances is not germane to this WG.
>
> Yes, JOSE has failings -- pretty much all of which were pointed out
> during the JOSE WG process, and dismissed at the time.  They are not
> so bad, however, as to render JOSE as-is unusable.  Certainly the cure
> described in draft-jones-jose-jws-signing-input-options is much worse
> than the disease.  Either let's scrap JOSE and re-design more cleanly,
> or let's just use it with the flaws it has.
>
>
>
>
> On Mon, Jul 6, 2015 at 10:14 AM, Phillip Hallam-Baker
> <phill@hallambaker.com> wrote:
> > Another point I think should be considered on the agenda is how to use JOSE
> > in the spec.
> >
> > I think it would be a very good idea to adopt the approach Mike Jones and
> > myself have been suggesting of using JOSE without base64 armoring for
> > authenticating requests and responses at the Web Service level.
> >
> > http://tools.ietf.org/html/draft-jones-jose-jws-signing-input-options-00
> >
> >
> > I really hope that ACME is not going to be the last JSON based security spec
> > IETF does and I would really like all the specs to end up with something
> > approaching a uniform style.
> >
> >
> >
> > On Tue, Jun 30, 2015 at 4:12 PM, Ted Hardie <ted.ietf@gmail.com> wrote:
> >>
> >> Just to bump this up on people's lists, Rich and I will put up a
> >> preliminary agenda next Monday.  If you want time for something other than
> >> draft-barnes-acme, please let us know.
> >>
> >> thanks,
> >>
> >> Ted and Rich
> >>
> >> On Fri, Jun 26, 2015 at 10:54 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> >>>
> >>> Howdy,
> >>>
> >>> As you've seen from the IESG announcement, ACME has been approved as a
> >>> working group, so our meeting in Prague will be as a working group rather
> >>> than a BoF.  The IETF agenda is still tentative, but we're currently
> >>> scheduled for Thursday, July 23rd, 15:20-17:20, in Karlin I/II.  (There is
> >>> still a chance that will change, though, so please do not tailor travel to
> >>> just that time frame!)
> >>>
> >>> Our charter lists draft-barnes-acme as a starting point, and Rich and I
> >>> are asking the authors to produce an update for the meeting.  We expect some
> >>> of the working group time in Prague to be a document review/discussion of
> >>> that draft.
> >>>
> >>> If you have other agenda items you'd like to request time for, please
> >>> send them to the list.
> >>>
> >>> thanks,
> >>>
> >>> Ted and Rich
> >>
> >>
> >>
> >> _______________________________________________
> >> Acme mailing list
> >> Acme@ietf.org
> >> https://www.ietf.org/mailman/listinfo/acme
> >>
> >
> >
> >
>
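
For readers following the thread, the sketch below is an added example, not part of any message above and not code from the draft's authors. It builds the JWS signing input with and without the base64url payload armor, using the `b64` header parameter as later published in RFC 7797 (the parameter name in the -00 draft is not shown on this page); the payload, key and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample data: an ACME-style request body and a demo HMAC key.
PAYLOAD = b'{"resource":"new-reg","contact":["mailto:admin@example.test"]}'
KEY = b"constructed-demo-key-not-a-real-secret"
ARMORED = {"alg": "HS256"}                                # classic JWS
UNARMORED = {"alg": "HS256", "b64": False, "crit": ["b64"]}  # RFC 7797 style

def b64url(data: bytes) -> str:
    """base64url without padding, as JWS uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def signing_input(protected: dict, payload: bytes) -> bytes:
    """BASE64URL(header) || '.' || payload, armored unless b64 is false."""
    head = b64url(json.dumps(protected, separators=(",", ":")).encode())
    if protected.get("b64", True):
        body = b64url(payload).encode("ascii")
    else:
        # Listing b64 in crit makes a verifier that does not understand the
        # option reject the object instead of checking the wrong bytes.
        if "b64" not in protected.get("crit", []):
            raise ValueError("b64=false requires 'b64' in crit")
        body = payload  # raw octets; fine on an 8-bit clean transport
    return head.encode("ascii") + b"." + body

def sign(protected: dict, payload: bytes, key: bytes) -> str:
    mac = hmac.new(key, signing_input(protected, payload), hashlib.sha256)
    return b64url(mac.digest())

def verify(protected: dict, payload: bytes, key: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(protected, payload, key), sig)

def payload_sizes(payload: bytes) -> tuple:
    """(bytes sent unarmored, bytes sent with base64url armor)."""
    return len(payload), len(b64url(payload))

if __name__ == "__main__":
    raw, armored = payload_sizes(PAYLOAD)
    print(f"payload: {raw} bytes raw, {armored} bytes armored")
    sig = sign(UNARMORED, PAYLOAD, KEY)
    print("unarmored verifies:", verify(UNARMORED, PAYLOAD, KEY, sig))
    print("same sig under armored header:", verify(ARMORED, PAYLOAD, KEY, sig))
```

The two forms sign different octet strings, so a verifier has to select the signing input from the protected header and cannot accept a signature made in one mode under the other.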