Re: [jose] Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:52 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C995C1A87A1; Tue, 14 Oct 2014 05:52:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLuAXmnd6et9; Tue, 14 Oct 2014 05:52:14 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0137.outbound.protection.outlook.com [65.55.169.137]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16C8E1A87C5; Tue, 14 Oct 2014 05:52:14 -0700 (PDT)
Received: from BN3PR0301CA0010.namprd03.prod.outlook.com (25.160.180.148) by CY1PR0301MB1209.namprd03.prod.outlook.com (25.161.212.143) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:52:12 +0000
Received: from BN1BFFO11FD060.protection.gbl (2a01:111:f400:7c10::1:138) by BN3PR0301CA0010.outlook.office365.com (2a01:111:e400:4000::20) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:52:12 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD060.mail.protection.outlook.com (10.58.145.15) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:52:11 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14HUBC103.redmond.corp.microsoft.com ([157.54.86.9]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:51:40 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Pete Resnick <presnick@qti.qualcomm.com>, The IESG <iesg@ietf.org>
Thread-Topic: Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)
Thread-Index: Ac/nrZP0e+k8EFGBTKiLptwaoglqKA==
Date: Tue, 14 Oct 2014 12:51:39 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D499@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(189002)(377454003)(43784003)(52044002)(199003)(13464003)(51704005)(76482002)(55846006)(21056001)(95666004)(106466001)(81156004)(4396001)(104016003)(120916001)(107046002)(99396003)(77096002)(86612001)(230783001)(97736003)(92566001)(86362001)(92726001)(50466002)(85306004)(15975445006)(20776003)(19580395003)(19580405001)(44976005)(66066001)(6806004)(64706001)(23676002)(84676001)(47776003)(68736004)(69596002)(46102003)(2656002)(31966008)(15202345003)(85852003)(54356999)(87936001)(50986999)(26826002)(85806002)(33656002)(80022003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB1209; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB1209;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/2jqtcKLUxo0hKxFbOjmDZr2pAMM
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:52:25 -0000

The proposed resolutions have been incorporated in the -33 draft.  I hope that on that basis, you can change your ballot position from Abstain to No Objection.

I did delete the "silly" sentence from Section 5.1, after all.

				Thanks again,
				-- Mike

> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Monday, October 06, 2014 12:54 AM
> To: Pete Resnick; The IESG
> Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-key@tools.ietf.org;
> jose@ietf.org
> Subject: RE: Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33: (with
> COMMENT)
> 
> Thanks for your review, Pete.  I've added the working group to the thread so
> they're aware of your comments.
> 
> > -----Original Message-----
> > From: Pete Resnick [mailto:presnick@qti.qualcomm.com]
> > Sent: Wednesday, October 01, 2014 9:54 PM
> > To: The IESG
> > Cc: jose-chairs@tools.ietf.org;
> > draft-ietf-jose-json-web-key@tools.ietf.org
> > Subject: Pete Resnick's Abstain on draft-ietf-jose-json-web-key-33:
> > (with
> > COMMENT)
> >
> > Pete Resnick has entered the following ballot position for
> > draft-ietf-jose-json-web-key-33: Abstain
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-key/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Given my concerns with the other documents in this series, I'm not yet
> > willing to ballot No Objection on this document. So I will Abstain, at least for
> the moment.
> > We'll see how the rest of the discussion goes.
> >
> > Comments directly on this document:
> >
> > 4/5:
> >
> >    The member names within a JWK MUST be unique; recipients MUST either
> >    reject JWKs with duplicate member names or use a JSON parser that
> >    returns only the lexically last duplicate member name, as specified
> >    in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
> >
> > That first MUST is bogus. You are allowing them not to be unique in
> > the rest of the sentence. And it's not clear what you mean by "recipients"
> > here. Sounds like you mean "parsers" or "interpreters". If it were me,
> > I'd stick to the "MUST be unique" and be done with it, but either way
> > this paragraph needs fixing.
> 
> The first MUST is a requirement on producers; the second is a requirement on
> consumers.  I propose to reword this text to make this more explicit.
> 
> This language has been extensively discussed in the working group and again as
> a result of Stephen Kent's secdir review.  For instance, see the thread "JWK
> member names, was: [jose] SECDIR review of draft-ietf-jose-json-web-key-31"
> in the JOSE mailing list archives, beginning on 9/12/14.  There was a whole JSON
> working group that created a new standards-track JSON spec (RFC 7159) that
> that decided *not* to prohibit parsers from accepting inputs with duplicate
> names.  JOSE doesn't have sufficient influence to change the JSON parsers that
> are actually deployed and available to developers.  As Richard Barnes pointed
> out during the telechat, the point of JOSE is to enable crypto with tools that
> people actually have and use.  If we rule out the use of existing parsers, we will
> have failed to meet that basic goal.
> 
> > 4.1: The second paragraph is redundant given the first paragraph; I'd delete it.
> 
> Actually, it's not.  The second paragraph says where the initial values are defined
> (Section 6.1 of JWA).
> 
> > And why do you need "use" at all given that you've got "key_ops"?
> 
> They are for different use cases.  Use is for public-key-only use cases and mirrors
> what other specs do in this regard.  key_ops was later added for WebCrypto,
> and is for use cases where any of public, private, or symmetric keys may be
> present.  The "use" member predates "key_ops" by several years and was
> already in widespread use before we added key_ops late in the game.  We
> talked about removing "use" but the working group was very much in favor of
> retaining it.
> 
> > 4.5:
> >
> >    The structure of the "kid" value is
> >    unspecified.
> >
> > You should at least mention that this is a string. "The 'kid' value is
> > a text string, but it's structure is otherwise unspecified." Or something like
> that.
> 
> It actually already does say "The "kid" value is a case-sensitive string".
> 
> > 4.6 (and 4.7-4.9):
> >
> >    If other members
> >    are present, the contents of those members MUST be semantically
> >    consistent with the related fields in the first certificate.
> >
> > This is a pretty silly use of MUST. If the answer to the question,
> > "Why might someone do otherwise?" is "Because they're an idiot", you
> > probably don't need the MUST.
> 
> Jim Schaad and others were in favor of adding this language when the "x5u",
> etc. parameters were added ... so that idiots aren't free to be idiots. :-)
> 
> > 5:
> >
> >    Implementations SHOULD ignore JWKs within a JWK Set that use "kty"
> >    (key type) values that are not understood by them, are missing
> >    required members, or for which values are out of the supported
> >    ranges.
> >
> > I don't understand that SHOULD. This is completely dependent on what
> > the implementation is doing. Unknown key types might be ignorable, but
> > they might be vitally important. Why is this not a MAY?
> 
> This language also came from Jim Schaad.  The point is that when RSA and
> Elliptic Curve keys are eventually replaced by new key types, implementations
> should be prepared to have new key types appear in the set of advertised keys
> without breaking because they don't yet understand them.
> 
> > 5.1: Strike the last sentence. It's silly.
> 
> It describes a requirement of the JWK Set data format this is not otherwise
> described.
> 
> > 7: The first two sentences of the first paragraph and the first
> > sentence of the second paragraph should be moved under Security
> > Considerations; that's what this is. I'd delete the rest, as the
> > encryption of any JSON object is handled by JWE.
> 
> The sentences you would like to move are introductory material motivating the
> descriptions of encrypted JWKs and JWK Sets and the recommendations to use
> them under these circumstances.
> 
> > You might mention the content type somewhere, but the way it is in the
> > document now is way overdone, with the whole "MUST...unless construction.
> > Simply make it:
> >
> >    The content type of "jwk+json" can be used for "cty" header of the JWE.
> >
> > if you must have something.
> 
> This specific language, using the "must ... unless" construction was a result of a
> specific working group discussion on this topic, so I'm reluctant to tinker with it.
> For instance, your "can" language loses the "must ... unless" sense that some
> working group members insisted upon.
> 
> 				Thanks again,
> 				-- Mike