Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-10.txt

Leif Hedstrom <leif@ogre.com> Tue, 01 November 2016 15:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/IVywXM91Pgq-y6WZ6867KN5gpYs>

> On Oct 26, 2016, at 10:09 AM, Phil Sorber <sorber@apache.org> wrote:
> 
> I added your text changes to the PR.
> 
> As far as ignoring extra claims, it was for third parties. I am rethinking this though. Leif expressed some concerns about processing performance if we allowed free form content. It seems like ignoring unknown claims is of marginal value, but it had several downsides.


My thinking is that we should make efforts to clamp down specifications on what is acceptable (and required) JSON and claims here. Such that someone could write a really fast, simplified JWT parser that only handles the cases we must support, nothing more, nothing less.

Cheers,

— Leif
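
The closed-profile idea discussed in this message, sketched as an added example (not code from the draft, the PR, or either poster): a payload parser that accepts only a fixed claim set and rejects everything else, with an `ignore_unknown` switch to show the alternative behaviour from the quoted text. The claim allowlist, required set and size cap are assumptions for illustration, built from RFC 7519 registered claims rather than the draft's own claims, and the segment is assumed to have passed signature verification already.

```python
import base64
import json

# Assumption: an illustrative closed claim set taken from the RFC 7519 registered
# claims; it is NOT the claim set defined by draft-ietf-cdni-uri-signing.
ALLOWED = {"iss": str, "sub": str, "aud": str, "jti": str,
           "exp": int, "nbf": int, "iat": int}
REQUIRED = {"iss", "exp"}   # hypothetical choice for this example
MAX_SEGMENT = 512           # hypothetical size cap, in base64url characters

class ClaimError(ValueError):
    """The payload falls outside the closed profile."""

def encode_segment(text):
    """Build a base64url payload segment (used for constructed samples)."""
    return base64.urlsafe_b64encode(text.encode()).rstrip(b"=").decode()

def _no_duplicates(pairs):
    # json would silently keep the last of two equal keys; refuse instead.
    claims = {}
    for name, value in pairs:
        if name in claims:
            raise ClaimError("duplicate claim: " + name)
        claims[name] = value
    return claims

def parse_claims(segment, ignore_unknown=False):
    """Decode an already signature-verified payload segment into claims."""
    if len(segment) > MAX_SEGMENT:
        raise ClaimError("payload too large")
    try:
        raw = base64.b64decode(segment + "=" * (-len(segment) % 4),
                               altchars=b"-_", validate=True)
        claims = json.loads(raw, object_pairs_hook=_no_duplicates)
    except ClaimError:
        raise
    except ValueError as exc:   # bad base64, bad UTF-8 or bad JSON
        raise ClaimError("malformed payload") from exc
    if not isinstance(claims, dict):
        raise ClaimError("payload is not a JSON object")
    unknown = set(claims) - set(ALLOWED)
    if unknown and not ignore_unknown:
        raise ClaimError("unknown claim: " + sorted(unknown)[0])
    missing = REQUIRED - set(claims)
    if missing:
        raise ClaimError("missing claim: " + sorted(missing)[0])
    # type() rather than isinstance(): True/False must not pass as an integer.
    for name in set(claims) & set(ALLOWED):
        if type(claims[name]) is not ALLOWED[name]:
            raise ClaimError("wrong type for claim: " + name)
    return {name: claims[name] for name in ALLOWED if name in claims}
```

With `ignore_unknown=True` the parser still has to walk arbitrarily nested free-form values before discarding them, which is the processing cost the closed profile avoids.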