Re: [jose] Gen-ART LC review of draft-ietf-jose-json-web-algorithms-31

"Roni Even" <> Thu, 04 September 2014 21:40 UTC


Hi Mike,




From: Mike Jones [] 
Sent: 04 September, 2014 10:31 PM
To: Roni Even;;
Subject: RE: Gen-ART LC review of draft-ietf-jose-json-web-algorithms-31


Thanks for the review, Roni.  I'm also cc'ing the working group so they're
aware of your review.  Replies are inline below.


From: Roni Even [] 
Sent: Monday, September 01, 2014 4:47 AM
Subject: Gen-ART LC review of draft-ietf-jose-json-web-algorithms-31


I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at

Please resolve these comments along with any other Last Call comments you
may receive.

Document:  draft-ietf-jose-json-web-algorithms-31

Reviewer: Roni Even

Review Date: 2014-9-1

IETF LC End Date: 2014-9-3

IESG Telechat date: 


Summary: This draft is ready for publication as a standard track RFC.



Major issues:


Minor issues:



Nits/editorial comments:

1.	Section 4.8 "This section defines the specifies" should be




2.	Section 5.2.2 "Section 5.2.3 and Section 5.2.5" should be "through"
since 5.2.4 also defines instances.




3.	Section in bullet 1 "the values of these parameters are
specified by the AEAD algorithms (in Section 5.2.3 and Section 5.2.5)". Did
you mean AEAD in which case it should be expanded and a reference is
probably needed or do you need to change it to Authenticated Encryption?
Also the "and" should be "through" same as previous comment.


Yes, the "AEAD" should become "Authenticated Encryption" to be consistent
with the rest of the spec.  And agreed about "through".


4.	In section bullet 4 for "number of bits in A" I had to go to
bullet 5 to see what A is. Maybe add also here "additional authenticated


"A" is defined in the first sentence of as "additional authenticated
data".  But there would be no harm in the addition you propose.  Knowing that
it's defined in the first sentence, do you still want to see the addition?

[Roni Even] I think it will be good to have the definition so it is
consistent with bullet 5



                                                                -- Mike