[Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06
Robert Sparks <rjsparks@nostrum.com> Fri, 04 December 2015 19:08 UTC
To: General Area Review Team <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, jose@ietf.org, draft-ietf-jose-jws-signing-input-options@ietf.org
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-jose-jws-signing-input-options-06
Reviewer: Robert Sparks
Review Date: 4Dec2015
IETF LC End Date: 9Dec2015
IESG Telechat date: 17Dec2015

Summary: Almost ready for publication as Proposed Standard, but with a minor issue that should be addressed before publication.

Minor issues:

This document explicitly provides a way for interoperability to fail, but does not motivate _why_ leaving this failure mode in the protocol is a good tradeoff.

Specifically, as the security considerations section points out, it is possible for an existing implementation to receive a JWS that has b64=false, which it will ignore as an unknown parameter, and (however unlikely) successfully decode the payload, and hence believe it has a valid JWS that is not what was sent.

The idea that this failure can be avoided by making sure the endpoints all play nice through some unspecified agreement is dangerous. Specifically, I don't think you can rule out the case that the JWS escapes the controlled set of actors you are positing in option 1 from the list in the security considerations.

I would have been much more comfortable with a consensus to require 'crit'. (Count me in the rough if this proceeds with crit being optional).

I assume there is a strong reason to allow for option 1. Please add the motivation for it to the draft, and consider adding a SHOULD use 'crit' requirement if option 1 remains.

Nits/editorial comments:

In the security considerations, the last sentence of the first paragraph needs to be simplified.

I suggest replacing it with: "It then becomes the responsibility of the application to ensure that payloads only contain characters that will not cause parsing problems for the serialization used, as described in Section 5. The application also incurs the responsibility to ensure that the payload will not be modified during retransmission."
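
The failure mode raised in this review, as an added example that is not part of the original message or of the draft: a compact JWS with b64=false is checked by a verifier that does not implement "b64", once without and once with "crit". The key, the payload "deny", and the function names are constructed for illustration; HS256 is assumed.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not from the draft

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_unencoded(payload: str, use_crit: bool) -> str:
    """Build a compact JWS with b64=false: the payload is signed and sent as-is."""
    header = {"alg": "HS256", "b64": False}
    if use_crit:
        header["crit"] = ["b64"]
    h = b64u(json.dumps(header, separators=(",", ":")).encode())
    mac = hmac.new(KEY, f"{h}.{payload}".encode(), hashlib.sha256).digest()
    return f"{h}.{payload}.{b64u(mac)}"

def verify(jws: str, understood: frozenset) -> bytes:
    """Verify and return the payload bytes as this verifier interprets them.

    `understood` is the set of extension header parameters the verifier
    implements: empty for an existing implementation, {"b64"} for an updated one.
    """
    h, payload, sig = jws.split(".")
    header = json.loads(b64u_dec(h))
    # JWS 'crit' processing: reject if a listed parameter is not understood.
    for name in header.get("crit", []):
        if name not in understood:
            raise ValueError(f"unsupported critical header parameter: {name}")
    # The bytes between the dots are the signing input in both modes, so the
    # signature check passes whether or not the verifier knows about b64.
    expected = hmac.new(KEY, f"{h}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    if "b64" in understood and header.get("b64") is False:
        return payload.encode()   # updated verifier: payload is literal
    return b64u_dec(payload)      # existing verifier: always base64url-decodes

if __name__ == "__main__":
    no_crit = sign_unencoded("deny", use_crit=False)
    print("updated verifier :", verify(no_crit, frozenset({"b64"})))
    print("existing verifier:", verify(no_crit, frozenset()))  # not what was sent
    try:
        verify(sign_unencoded("deny", use_crit=True), frozenset())
    except ValueError as err:
        print("existing verifier, crit present:", err)
```

Without "crit" the existing verifier accepts the signature and returns bytes the sender never signed as a payload; with "crit" the same verifier rejects the object outright.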