Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 22 December 2015 16:13 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB3221A21A7; Tue, 22 Dec 2015 08:13:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3445DeSQmEXz; Tue, 22 Dec 2015 08:13:24 -0800 (PST)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 648CE1A21A5; Tue, 22 Dec 2015 08:13:24 -0800 (PST)
Received: by mail-wm0-x22a.google.com with SMTP id p187so116800871wmp.0; Tue, 22 Dec 2015 08:13:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=7T6GwK0nI6t2L2zG9frzZ15Eg1hdB5cTgxvjv8stg44=; b=H6/SGQ1yd3M5Q1hghRxwoKZ5YN569ZPsAfNNLz9ORa5G6zF2MigwYUJLnSIH56euHw Blv3Bmu2DjpcylHjVFqA85Pnni9cyn+jjlF8lpzXXqvaZzB7acLU+n0SUw1d0tiJbjWc VfnabWxXOhFSGuLiu04iPlzqKVPoY5Oqsl5MMKq1nyEt4kHJCdKfNfN6EsfJcVmhz68f gEeqFFzZ7gSMF+d+v3dS7Ns8ubrNNgcmEpbfoDjAD2yrkfSgqcbhEkluRXRaGd862No9 w03QvqMm/EkOXe6pgte9pscFT494UrdBWxX06TwpY0KqsrXOnmRuLmZpULpIcAdJ359p 9rOA==
MIME-Version: 1.0
X-Received: by 10.194.179.162 with SMTP id dh2mr28316047wjc.17.1450800802923; Tue, 22 Dec 2015 08:13:22 -0800 (PST)
Received: by 10.28.52.130 with HTTP; Tue, 22 Dec 2015 08:13:22 -0800 (PST)
In-Reply-To: <BY2PR03MB442998828AF1B6434A031F0F5E50@BY2PR03MB442.namprd03.prod.outlook.com>
References: <20151217112025.22801.65457.idtracker@ietfa.amsl.com> <BY2PR03MB4429A8A55EB13BCF8227BEBF5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672B939.4020507@cs.tcd.ie> <BY2PR03MB442F5A1BDF03E7997843CF0F5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672BD41.3000804@cs.tcd.ie> <2A23B5AE-6E82-4A44-A0D8-3D7970C57438@ve7jtb.com> <B8649513-3B05-417F-B551-46FFDA5689C2@ve7jtb.com> <CAHbuEH4yrcqmJ0uWvv2iZXZjdKGSOzcAH34i6uU2QpSyuUq=ug@mail.gmail.com> <45F8D078-A72B-4F6D-87EB-880EF867F4F2@cisco.com> <7B1E2B3A05FF2341B03CE0320754230728E3A1283B@HE101454.emea1.cds.t-internal.com> <CABzCy2C0sfJJdsv9mVvVJYWYfujTMJednE_8L7p3NcHo9-bOCg@mail.gmail.com> <0B32ADA9-D045-41A1-9207-CE238A8A5217@umu.se> <D29D7C8C.13806%sascha.preibisch@ca.com> <BY2PR03MB442998828AF1B6434A031F0F5E50@BY2PR03MB442.namprd03.prod.outlook.com>
Date: Tue, 22 Dec 2015 11:13:22 -0500
Message-ID: <CAHbuEH7-GYAkQcniceGpyVJUsHS+eW_qdvbGrKZHaHBUsYNrag@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/3uNosDCYqnl7tEPEEv7bygo_ULI>
Cc: "jose-chairs@ietf.org" <jose-chairs@ietf.org>, "draft-ietf-jose-jws-signing-input-options@ietf.org" <draft-ietf-jose-jws-signing-input-options@ietf.org>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, Vladimir Dzhuvinov <vladimir@connect2id.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2015 16:13:28 -0000

Thanks, Mike.  Let me know when this is all ready.

Best regards,
Kathleen

On Tue, Dec 22, 2015 at 9:34 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> It’s clear that most people prefer the 100% safe option over the current
> text that relies upon application semantics in some cases.  Thanks, James,
> for suggesting this and thanks to all of you who took the time to look at
> the issue.
>
>
>
> I’ll prepare a new draft reflecting this outcome.  Vladimir, could I ask you
> to once again verify the examples, once they’ve been updated?
>
>
>
>                                                           Thanks all,
>
>                                                           -- Mike
>
>
>
> From: Preibisch, Sascha H [mailto:Sascha.Preibisch@ca.com]
> Sent: Monday, December 21, 2015 9:54 AM
> To: Roland Hedberg <roland.hedberg@umu.se>se>; Nat Sakimura
> <sakimura@gmail.com>
> Cc: jose-chairs@ietf.org; Axel Nennker <Axel.Nennker@telekom.de>de>; Jim Schaad
> <ietf@augustcellars.com>om>; Mike Jones <Michael.Jones@microsoft.com>om>; Kathleen
> Moriarty <kathleen.moriarty.ietf@gmail.com>om>;
> draft-ietf-jose-jws-signing-input-options@ietf.org; jose@ietf.org; Matthew
> Miller <mamille2@cisco.com>om>; John Bradley <ve7jtb@ve7jtb.com>om>; The IESG
> <iesg@ietf.org>rg>; Stephen Farrell <stephen.farrell@cs.tcd.ie>
>
>
> Subject: Re: [jose] Stephen Farrell's Discuss on
> draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
>
>
>
> +1
>
>
>
> From: jose <jose-bounces@ietf.org> on behalf of Roland Hedberg
> <roland.hedberg@umu.se>
> Date: Monday, December 21, 2015 at 8:46 AM
> To: Nat Sakimura <sakimura@gmail.com>
> Cc: "jose-chairs@ietf.org" <jose-chairs@ietf.org>rg>, Axel Nennker
> <Axel.Nennker@telekom.de>de>, Jim Schaad <ietf@augustcellars.com>om>, Mike Jones
> <Michael.Jones@microsoft.com>om>, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com>om>,
> "draft-ietf-jose-jws-signing-input-options@ietf.org"
> <draft-ietf-jose-jws-signing-input-options@ietf.org>rg>, "jose@ietf.org"
> <jose@ietf.org>rg>, Matthew Miller <mamille2@cisco.com>om>, John Bradley
> <ve7jtb@ve7jtb.com>om>, The IESG <iesg@ietf.org>rg>, Stephen Farrell
> <stephen.farrell@cs.tcd.ie>
> Subject: Re: [jose] Stephen Farrell's Discuss on
> draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
>
>
>
> +1
>
>
>
> 21 dec. 2015 kl. 15:55 skrev Nat Sakimura <sakimura@gmail.com>om>:
>
>
>
> I also think it is better to make the b64 parameter critical. Being
> deterministic makes the life of programmers simpler. It also decreases the
> vulnerability surface. So +1 to James's text.
>
>
>
> 2015-12-21 22:26 GMT+09:00 <Axel.Nennker@telekom.de>de>:
>
> I think that the larger a payload is the higher is the risk of a bad verify
> and that few extra bytes don't matter then.
> And I follow Vladimir's argument to try to keep the security concideration
> section simpler.
>
> So +1 to James proposed text.
>
>
> -----Original Message-----
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Matt Miller
> (mamille2)
> Sent: Donnerstag, 17. Dezember 2015 18:19
> To: Kathleen Moriarty; jose@ietf.org
> Cc: jose-chairs@ietf.org; ietf@augustcellars.com; Michael Jones; The IESG;
> John Bradley; Stephen Farrell;
> draft-ietf-jose-jws-signing-input-options@ietf.org
> Subject: Re: [jose] Stephen Farrell's Discuss on
> draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
>
> I prefer James' proposed text.  I believe this draft came about primarily
> because there are use cases where the content to sign is large enough that
> the burden of base64url encoding is too great.  By that measure, I'm not
> sure how worthwhile size-of-header arguments are, as content so large that
> base64url might be prohibitive would dwarf the concerns around header size.
> I think the risk of bad verifies outweighs the reduced-headher-size
> benefits.
>
>
> --
> - m&m
>
> Matt Miller
> Cisco Systems, Inc.
>
>> On Dec 17, 2015, at 08:39, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>
>> On Thu, Dec 17, 2015 at 9:32 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>> Sorry I just recounted, it is a extra 20 bytes per message with the
>>> encoded header and not 6.
>>>
>>> That is a bit more but probably not worth dying over.   I still prefer
>>> the smaller option.
>>
>> If we could get to a consensus on this and which text is preferred,
>> that would be helpful.
>>
>> Thanks!
>> Kathleen
>>
>>
>>>
>>> John B.
>>>
>>>> On Dec 17, 2015, at 3:04 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>
>>>> I prefer making crit only required if the producer is not certain that
>>>> all potential recipients understand/the extension.
>>>>
>>>> However it would not be the end of the world for me from a size
>>>> perspective if crit was always required.  Trading 6 octets for saving 1/4 of
>>>> the body size is not a bad trade off.
>>>>
>>>> The issue for me is more always requiring something to be sent that is
>>>> known to not be used.
>>>>
>>>> So I am on the not forcing crit side but could live with the consensus
>>>> if it goes the other way.
>>>>
>>>> John B.
>>>>
>>>>> On Dec 17, 2015, at 2:48 PM, Stephen Farrell
>>>>> <stephen.farrell@cs.tcd.ie> wrote:
>>>>>
>>>>>
>>>>> Great. For completeness, the alternative proposed by James Manger
>>>>> (which I'd also prefer) was:
>>>>>
>>>>> The "crit" Header Parameter MUST be included with "b64" in its set
>>>>> of values to ensure the JWS is rejected (instead of being
>>>>> misinterpreted) by implementations that do not understand this
>>>>> specification.
>>>>>
>>>>> My discuss then is asking if, after all this discussion, the WG
>>>>> prefer the above or that below. I'll take the WG chairs word on
>>>>> what they conclude as the outcome.
>>>>>
>>>>> S.
>>>>>
>>>>> On 17/12/15 13:44, Mike Jones wrote:
>>>>>> Sure, I'm obviously fine asking the working group what they think of
>>>>>> the new text.  Working group - this new text at
>>>>>> https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-08#section-6
>>>>>> is:
>>>>>>
>>>>>> 6.  Using "crit" with "b64"
>>>>>>
>>>>>> If a JWS using "b64" with a value of "false" might be processed by
>>>>>> implementations not implementing this extension, then the "crit"
>>>>>> Header Parameter MUST be included with "b64" in its set of values
>>>>>> to cause such implementations to reject the JWS.  Conversely, if
>>>>>> used in environments in which all participants implement this
>>>>>> extension, then "crit" need not be included, since its inclusion
>>>>>> would have no effect, other than increasing the JWS size and
>>>>>> processing costs.
>>>>>>
>>>>>>                           Thanks all,
>>>>>>                           -- Mike
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>>>>>>> Sent: Thursday, December 17, 2015 2:32 PM
>>>>>>> To: Mike Jones <Michael.Jones@microsoft.com>om>; The IESG
>>>>>>> <iesg@ietf.org>
>>>>>>> Cc: ietf@augustcellars.com; jose-chairs@ietf.org;
>>>>>>> draft-ietf-jose-jws-signing- input-options@ietf.org;
>>>>>>> jose@ietf.org
>>>>>>> Subject: Re: Stephen Farrell's Discuss on
>>>>>>> draft-ietf-jose-jws-signing-input-
>>>>>>> options-08: (with DISCUSS and COMMENT)
>>>>>>>
>>>>>>>
>>>>>>> Hiya,
>>>>>>>
>>>>>>> On 17/12/15 13:20, Mike Jones wrote:
>>>>>>>> Thanks for your review, Stephen.  Replies inline below...
>>>>>>>>
>>>>>>>>> -----Original Message----- From: Stephen Farrell
>>>>>>>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, December 17,
>>>>>>>>> 2015 12:20 PM To: The IESG <iesg@ietf.org> Cc:
>>>>>>>>> draft-ietf-jose-jws-signing-input-options@ietf.org; Mike Jones
>>>>>>>>> <Michael.Jones@microsoft.com>om>; Jim Schaad
>>>>>>>>> <ietf@augustcellars.com>om>; jose-chairs@ietf.org;
>>>>>>>>> ietf@augustcellars.com; jose@ietf.org Subject:
>>>>>>>>> Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-
>>>>>>>>> options-08: (with DISCUSS and COMMENT)
>>>>>>>>>
>>>>>>>>> Stephen Farrell has entered the following ballot position for
>>>>>>>>> draft-ietf-jose-jws-signing-input-options-08: Discuss
>>>>>>>>>
>>>>>>>>> When responding, please keep the subject line intact and reply
>>>>>>>>> to all email addresses included in the To and CC lines. (Feel
>>>>>>>>> free to cut this introductory paragraph, however.)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Please refer to
>>>>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html for
>>>>>>>>> more information about IESG DISCUSS and COMMENT positions.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The document, along with other ballot positions, can be found
>>>>>>>>> here:
>>>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-in
>>>>>>>>> put-op
>>>>>>>>> tions/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>> -----------------------------------------------------------------
>>>>>>> -----
>>>>>>>>> DISCUSS:
>>>>>>>>> ---------------------------------------------------------------
>>>>>>>>> ------
>>>>>>>>> -
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>> The "crit" point raised in the gen-art review and maybe elsewhere
>>>>>>> is I think
>>>>>>>>> correct but I don't think section 6 of -08 is a good resolution
>>>>>>>>> of this topic. However, I'll clear if this is the WG consensus
>>>>>>>>> but it's hard to know that's the case for text just added
>>>>>>>>> yesterday. To resolve this discuss we just need to see what the
>>>>>>>>> WG list says about the new text.
>>>>>>>>
>>>>>>>> Jim's shepherd write-up at
>>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-inp
>
>>>>>>>> ut-opt ions/shepherdwriteup/ records the working group's desire
>
>>>>>>>> to not require the use of "crit"
>>>>>>>> when it isn't needed.  He wrote:
>>>>>>>>
>>>>>>>> "(6)  The fact that there are two different versions of encoding
>>>>>>>> that produce the same text string for signing is worrisome to
>>>>>>>> me.  The WG had the ability to address this when producing the
>>>>>>>> JWS specification and decided not to do so that time.  In this
>>>>>>>> document, the desire to allow for things to be smaller has lead
>>>>>>>> to the fact that the b64 and crit headers can be omitted as
>>>>>>>> being implicit.  This was the desire of the WG, but I personally
>>>>>>>> feel that it is the wrong decision."
>>>>>>>
>>>>>>> Fair enough, so the chair/shepherd, gen-art reviewer and seems
>>>>>>> like a few IESG members all find the current position
>>>>>>> unconvincing as does the one implementer who posted to the WG list
>>>>>>> since the new text was added.
>>>>>>> Wouldn't you agree there's enough there to justify asking the WG
>>>>>>> once more what they think about that 13 byte overhead to prevent
>>>>>>> interop and maybe even security problems?
>>>>>>>
>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------
>>>>>>>>> ------
>>>>>>>>> -
>>>>>>>>>
>>>>>>>>>
>>>>>>> COMMENT:
>>>>>>>>> ---------------------------------------------------------------
>>>>>>>>> ------
>>>>>>>>> -
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>> - abstract: the description of the update to 7519 is odd. It
>>>>>>> seems to be saying
>>>>>>>>> "Here we define a thing. This specification updates 7519 to say
>>>>>>>>> you must not use this thing." but prohibiting is an odd verb to
>>>>>>>>> use there. (Since it wasn't previously there to be allowed or
>>>>>>>>> not.)
>>>>>>>>
>>>>>>>> Would you like this text better?
>>>>>>>>
>>>>>>>> "This specification updates RFC 7519 by stating that JSON Web
>>>>>>>> Tokens
>>>>>>>> (JWTs) MUST NOT use the unencoded payload option defined by this
>>>>>>>> specification."
>>>>>>>
>>>>>>> Better yep. Thanks.
>>>>>>>
>>>>>>>>
>>>>>>>> Or do you think this spec doesn't need to have the "Updates 7519"
>>>>>>>> clause at all?  People seemed split on whether this was needed or
>>>>>>>> not.
>>>>>>>
>>>>>>> Happens all the time. Personally I mostly don't care about
>>>>>>> updates which is the case this time too:-)
>>>>>>>
>>>>>>>>
>>>>>>>>> - section 6: "It is intended that application profiles specify
>>>>>>>>> up front whether" "intended" is very wishy washy and "up front"
>>>>>>>>> makes no sense at all.
>>>>>>>>
>>>>>>>> How about this wording change? "It is intended that application
>>>>>>>> profiles specify up front whether" -> "Application profiles
>>>>>>>> should specify whether"
>>>>>>>
>>>>>>> Also better,
>>>>>>> Ta,
>>>>>>> S.
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks again, -- Mike
>>>>>>>>
>>>>>> _______________________________________________
>>>>>> jose mailing list
>>>>>> jose@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/jose
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> jose mailing list
>>>>> jose@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/jose
>>>>
>>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Kathleen
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>
>
>
>
> --
>
> Nat Sakimura (=nat)
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>



-- 

Best regards,
Kathleen