IETF Logo Mail Archive

Re: [Cfrg] What Algorithm information needs to be authenticated?

Ben Laurie <ben@links.org> Fri, 05 April 2013 22:18 UTC

Return-Path: <benlaurie@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74BB221F8F6C for <cfrg@ietfa.amsl.com>; Fri, 5 Apr 2013 15:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6f09sGTeGfo9 for <cfrg@ietfa.amsl.com>; Fri, 5 Apr 2013 15:18:10 -0700 (PDT)
Received: from mail-qc0-x22a.google.com (mail-qc0-x22a.google.com [IPv6:2607:f8b0:400d:c01::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 5E8CD21F98FE for <cfrg@irtf.org>; Fri, 5 Apr 2013 15:18:09 -0700 (PDT)
Received: by mail-qc0-f170.google.com with SMTP id d42so594374qca.15 for <cfrg@irtf.org>; Fri, 05 Apr 2013 15:18:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=WOxU1+gmFqIJYSeJgOoTmf72UxyDTMxsutsD3akUhN4=; b=IxMoPaAQXC0ddKtRje9laJEGdLdn14v6AM37kOdhHGwLWeTUl0Z04x4+8EK5m853LL /c+QTRE/sx6k04VhyJgydbIgjcb/82F8rfcQ4OfrLAZvLD/FqGAHFVTN7v28EbTv8S6H pRXrxeuVrxk+Bw2Q6fKE859EEabUKHtvPXUu9iQl9c2oXqF86PT31fgmYd3/ftXHeMXP ItDksx6VvHxW4W8DtzeRhUgKF9Ybc1/PGflB36sqarwrQnUUKXWWBhkytBUeaRzLrqMU +ThhNq8xYwqsjU+1+eULamGZ5QLGfTOfBXlU7FL96O+K7PHuy/12PQF6HjSbSIXGZ/AN HA8w==
MIME-Version: 1.0
X-Received: by 10.224.134.199 with SMTP id k7mr23530qat.51.1365200287872; Fri, 05 Apr 2013 15:18:07 -0700 (PDT)
Sender: benlaurie@gmail.com
Received: by 10.49.127.111 with HTTP; Fri, 5 Apr 2013 15:18:07 -0700 (PDT)
In-Reply-To: <CAL02cgQ3ZZTkgxTLQkvsjBRn0kFSRpBbOvAHKhqX6ZcTbWEnuA@mail.gmail.com>
References: <00ac01ce30fd$3d373350$b7a599f0$@augustcellars.com> <CAG5KPzwUi3kXN1TZuNWtizEML_nLYfbRgDz2nbwi=vRHbdg7Gw@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943675BA791@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAG5KPzxcaEHhYRm4RiA0__HhAApQU=j3oprnXmXe_eag5nD2eQ@mail.gmail.com> <CAL02cgQ3ZZTkgxTLQkvsjBRn0kFSRpBbOvAHKhqX6ZcTbWEnuA@mail.gmail.com>
Date: Fri, 05 Apr 2013 23:18:07 +0100
X-Google-Sender-Auth: CVriDD6wvxvV3qn5OWxDUZyX5gs
Message-ID: <CAG5KPzzxA9GPttL_Vraw5DPdVEsRsqipvyHxHT6MF4qQUTsjaA@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Jim Schaad <ietf@augustcellars.com>
Subject: Re: [Cfrg] What Algorithm information needs to be authenticated?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 22:18:10 -0000

On 5 April 2013 23:17, Richard Barnes <rlb@ipv.sx> wrote:
> On Fri, Apr 5, 2013 at 6:02 PM, Ben Laurie <ben@links.org> wrote:
>>
>> On 5 April 2013 23:00, Mike Jones <Michael.Jones@microsoft.com> wrote:
>> > Indeed, "all parameters should be protected" is the security posture
>> > taken in the current JOSE specifications.  Some want to change that.
>>
>> OK. Why?
>>
>
> Is that "Why are all parameters protected?" or "Why do some people want to
> change that"?

The latter.

>
> --Richard

v2.23.0 | Report a Bug | By Email