Re: [jose] #49: Don't use RFC2119 language in the registry

Richard Barnes <rlb@ipv.sx> Thu, 01 August 2013 08:51 UTC

To: jose issue tracker <trac+jose@trac.tools.ietf.org>
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>, draft-ietf-jose-json-web-algorithms@tools.ietf.org

Thanks for raising this.  One of the issues in my queue was to clarify how
those requirements get managed.

One way to address this would be to move the implementation requirements
from the registry to the document.  Most algorithms are optional, so you
don't need to comment on them.  You would just have a section that
describes a core algorithm profile:

"""
X. Core Algorithms

In order to help ensure that implementations have common algorithms, this
document defines a core set of algorithms that MUST be supported.  This set
includes the following algorithms:
  - RS256
  - etc.
"""

Then when you want to update the requirements, you just write another RFC
that updates this one.

--Richard


On Thu, Aug 1, 2013 at 10:40 AM, jose issue tracker <trac+jose@trac.tools.ietf.org> wrote:

> #49: Don't use RFC2119 language in the registry
>
>  This issue comes from a discussion that I had with Pete Resnick during the
>  F2F meeting.
>
>  Having a column in the registry that indicates that there is an
>  implementation level that is required is fine, however it should not use
>  the 2119 requirements language directly.  It would be preferable to define
>  a set of new terms (the string "must be implemented" would be fine) that
>  give the set of levels of implementation.  This would also allow for a
>  potential clean up of the +/- language as we could set a number of
>  different expected values and then define how the 2119 language applies to
>  those levels in the JWA document.  We should also provide a set of strong
>  language about who is able to update the levels and what the process is to
>  do so.  It is perfectly reasonable to have different processing for
>  different levels. Per Stephen Farrell it would be nice if the process for
>  updating the levels was similar to that of TLS for MTIs.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |      Owner:  draft-ietf-jose-json-web-
>   ietf@augustcellars.com |  algorithms@tools.ietf.org
>      Type:  defect       |     Status:  new
>  Priority:  major        |  Milestone:
> Component:  json-web-    |    Version:
>   algorithms             |   Keywords:
>  Severity:  -            |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/49>
> jose <http://tools.ietf.org/jose/>