Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Barry Leiba <barryleiba@computer.org> Tue, 07 October 2014 16:04 UTC

From: Barry Leiba <barryleiba@computer.org>
To: Mike Jones <Michael.Jones@microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/0xGXbZVKhoTZCmmkda4cH1oY89I
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, Jim Schaad <ietf@augustcellars.com>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>

> This brings me back around to wondering why just saying that Key
> ID values are case sensitive strings is not enough, and leaving it up
> to applications how to choose the contents of those case-sensitive
> strings?

Yes, that's fine, if that's adequate for the situation.  Remember that
this all came from what's in the documents now, with statements such
as this (from JWT, Sections 5.1 and 5.2):

   While media type names are not case-sensitive,
   it is RECOMMENDED that "JWT" always be spelled using uppercase
   characters for compatibility with legacy implementations.  Use of
   this Header Parameter is OPTIONAL.

That violates the "always case sensitive" rule, and requires that you
deal with comparisons and/or normalization.

If you just say that everything is case sensitive, or REQUIRE those
strings to be case-normalized, that addresses the problem.

Barry
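
Added example, not part of the original message or of the JOSE drafts: a Python sketch of the two comparison rules discussed above, with Key ID lookup as an exact case-sensitive match and a "typ" check run both as an exact match and with case normalization. The JWK set, header values and function names are constructed for illustration.

```python
import base64
import json

# Constructed JWK set: two Key IDs that differ only in case are different keys.
JWKS = {"keys": [
    {"kty": "oct", "kid": "sig-key", "alg": "HS256"},
    {"kty": "oct", "kid": "SIG-KEY", "alg": "HS512"},
]}

def b64url_json(obj):
    """Encode a dict as a base64url header segment without padding."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_header(segment):
    """Decode a base64url header segment back into a dict."""
    pad = "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment + pad))

def find_key(jwk_set, kid):
    """Key ID lookup: exact, case-sensitive comparison, no normalization."""
    for jwk in jwk_set["keys"]:
        if jwk.get("kid") == kid:
            return jwk
    return None

def typ_is_jwt(header, normalize):
    """Check the "typ" header value against "JWT".

    normalize=False treats the value as a case-sensitive string.
    normalize=True compares it as a media type name (ASCII case-insensitive).
    """
    typ = header.get("typ")
    if not isinstance(typ, str):
        return False
    if normalize:
        return typ.isascii() and typ.lower() == "jwt"
    return typ == "JWT"

if __name__ == "__main__":
    # Constructed header from a sender that spells the type in lowercase.
    seg = b64url_json({"alg": "HS256", "typ": "jwt", "kid": "sig-key"})
    hdr = decode_header(seg)
    print("key:", find_key(JWKS, hdr["kid"]))
    print("strict typ match:", typ_is_jwt(hdr, normalize=False))
    print("normalized typ match:", typ_is_jwt(hdr, normalize=True))
```

The same header is accepted or rejected depending on which rule the receiver applies to "typ", while the Key ID lookup gives one answer everywhere.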