IETF Logo Mail Archive

Re: [jose] POLL(s): header criticality

"charles.marais@orange.com" <charles.marais@orange.com> Thu, 07 February 2013 08:36 UTC

Return-Path: <charles.marais@orange.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 074A921F8609 for <jose@ietfa.amsl.com>; Thu, 7 Feb 2013 00:36:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.291
X-Spam-Level:
X-Spam-Status: No, score=-2.291 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_DNSWL_MED=-4, SARE_GIF_ATTACH=1.42, TVD_FW_GRAPHIC_NAME_LONG=1.08]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OkrnCingSDKs for <jose@ietfa.amsl.com>; Thu, 7 Feb 2013 00:36:04 -0800 (PST)
Received: from p-mail2.rd.francetelecom.com (p-mail2.rd.francetelecom.com [195.101.245.16]) by ietfa.amsl.com (Postfix) with ESMTP id D19A721F8576 for <jose@ietf.org>; Thu, 7 Feb 2013 00:36:03 -0800 (PST)
Received: from p-mail2.rd.francetelecom.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 310841074005 for <jose@ietf.org>; Thu, 7 Feb 2013 09:41:09 +0100 (CET)
Received: from ftrdsmtp2.rd.francetelecom.fr (unknown [10.192.128.47]) by p-mail2.rd.francetelecom.com (Postfix) with ESMTP id 29F751074004 for <jose@ietf.org>; Thu, 7 Feb 2013 09:41:09 +0100 (CET)
Received: from ftrdmel10.rd.francetelecom.fr ([10.192.128.44]) by ftrdsmtp2.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Thu, 7 Feb 2013 09:36:02 +0100
Received: from [10.193.13.83] ([10.193.13.83]) by ftrdmel10.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Thu, 7 Feb 2013 09:36:02 +0100
Message-ID: <51136771.2090903@orange.com>
Date: Thu, 07 Feb 2013 09:36:01 +0100
From: "charles.marais@orange.com" <charles.marais@orange.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: jose@ietf.org
References: <510FCA42.5000704@isoc.org> <CAAAkSUFNO_1o0orUgfwvE3AjruNQcrz5Z5a5Z_vg6z6ycC3f3w@mail.gmail.com>
In-Reply-To: <CAAAkSUFNO_1o0orUgfwvE3AjruNQcrz5Z5a5Z_vg6z6ycC3f3w@mail.gmail.com>
Content-Type: multipart/related; boundary="------------060008080904080105060404"
X-OriginalArrivalTime: 07 Feb 2013 08:36:02.0188 (UTC) FILETIME=[295BB4C0:01CE050E]
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2013 08:36:05 -0000

FIRST POLL:  YES
SECOND POLL:  YES
THIRD POLL:  A

Charles Marais.
Le 07/02/2013 03:07, hideki nara a écrit :
FIRST POLL:  YES
SECOND POLL:  YES
THIRD POLL:  A

---
hideki nara

2013/2/4 Karen O'Donoghue <odonoghue@isoc.org>:

Folks,

I am wrestling with how to help drive consensus on the topic of criticality
of headers. For background, please review the current specification text,
the minutes to the Atlanta meeting (IETF85), and the mailing list
(especially the discussion in December with (Subj: Whether implementations
must understand all JOSE header fields)). We need to come to closure on this
issue in order to progress the specifications.

As a tool to gather further information on determining a way forward, the
following polls have been created. Please respond before 11 February 2013.

Thanks,
Karen

*******************
FIRST POLL: Should all header fields be critical for implementations to
understand?

YES – All header fields must continue to be understood by implementations or
the input must be rejected.

NO – A means of listing that specific header fields may be safely ignored
should be defined.

********************
SECOND POLL: Should the result of the first poll be "YES", should text like
the following be added? “Implementation Note: The requirement to understand
all header fields is a requirement on the system as a whole – not on any
particular level of library software. For instance, a JOSE library could
process the headers that it understands and then leave the processing of the
rest of them up to the application. For those headers that the JOSE library
didn’t understand, the responsibility for fulfilling the ‘MUST understand’
requirement for the remaining headers would then fall to the application.”

YES – Add the text clarifying that the “MUST understand” requirement is a
requirement on the system as a whole – not specifically on JOSE libraries.

NO – Don’t add the clarifying text.

************************
THIRD POLL: Should the result of the first poll be "NO", which syntax would
you prefer for designating the header fields that may be ignored if not
understood?

A – Define a header field that explicitly lists the fields that may be
safely ignored if not understood.

B – Introduce a second header, where implementations must understand all
fields in the first but they may ignore not-understood fields in the second.

C - Other??? (Please specify in detail.)
_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose" rel="nofollow">https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose" rel="nofollow">https://www.ietf.org/mailman/listinfo/jose

--

MARAIS Charles
FT/OLNC/OLPS/ASE/IDEA/UED
Tel : 02.96.05.24.18
charles.marais@orange.com
WF004Bis / R&D Lannion / 2, avenue Pierre Marzin / 22307 LANNION Cedex - France



v2.23.0 | Report a Bug | By Email