IETF Logo Mail Archive

Gen-ART review of draft-ietf-jose-json-web-signature-33

Russ Housley <housley@vigilsec.com> Sat, 27 September 2014 15:32 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7C5E1A1B67; Sat, 27 Sep 2014 08:32:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id euzMcxka1xl5; Sat, 27 Sep 2014 08:32:28 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [209.135.209.4]) by ietfa.amsl.com (Postfix) with ESMTP id 4F5FC1A1B61; Sat, 27 Sep 2014 08:32:28 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 8B59EF9C058; Sat, 27 Sep 2014 11:32:17 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 67nzBuevzDmI; Sat, 27 Sep 2014 11:31:56 -0400 (EDT)
Received: from [192.168.10.140] (ip-64-134-96-17.public.wayport.net [64.134.96.17]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 32C11F9C05B; Sat, 27 Sep 2014 11:31:56 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Gen-ART review of draft-ietf-jose-json-web-signature-33
Date: Sat, 27 Sep 2014 11:31:44 -0400
Message-Id: <23AB1ACB-02B2-4E82-A832-E89E61795C85@vigilsec.com>
To: draft-ietf-jose-json-web-signature.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/DCnX1yR-WZWMKj5Ubwy-96iRomU
Cc: IETF Gen-ART <gen-art@ietf.org>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Sep 2014 15:32:30 -0000

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-jose-json-web-signature-33
Reviewer: Russ Housley
Review Date: 2014-08-24
IETF LC End Date: 2014-09-03
IESG Telechat date: 2014-10-02

Summary:  Ready.  Some issues could be resolved to improve the document.

Thank you for addressing my comments on -31.

Major Concerns:  

- None.

Minor Concerns:

- Section 10.5 should state that validation of a MAC means provides
  corroboration that the message was generated by one of the parties
  that knows the symmetric MAC key.  This could potentially be many
  parties.

- In Section 4.1.4, should the value match the subject key identifier
  if an X.509 certificate is used?

- In Section 4.1.5, why is TLS required to fetch digitally signed
  X.509 certificates?

v2.23.0 | Report a Bug | By Email