Re: [jose] Issue #119 - Manditory Serializations

Richard Barnes <rlb@ipv.sx> Fri, 04 October 2013 17:11 UTC

In-Reply-To: <006d01ceaff5$c9d99010$5d8cb030$@augustcellars.com>
References: <006d01ceaff5$c9d99010$5d8cb030$@augustcellars.com>
Date: Fri, 04 Oct 2013 13:11:27 -0400
Message-ID: <CAL02cgSH9cgb-EekpkKB_piCR=fRadaNx7j4iWdTCzUWSoE1rA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Jim Schaad <ietf@augustcellars.com>
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Issue #119 - Manditory Serializations

+1

I would argue that there should be no MTI serialization.  Clearly JWT
implementations will want to be compact-only, and I have no doubt that
there will be apps that are JSON-only (or CBOR-only, etc.).  There's no
need for interop at this level (as with algorithms), since applications
already need to specify which one(s) they require.

There is CMS precedent for this. The ASN.1 structures defined by RFC 5652
can be encoded using a variety of encoding rules -- DER, BER, XER, etc.
(Everyone uses DER, but in principle, you could use another.)  Some signed
things have to be DER encoded before signing/verification, but there's no
requirement for the whole object to have a given serialization.  Likewise
in JOSE, some things have to be base64-encoded for processing, but the
overall object can be either compact or JSON.

--Richard


On Thu, Sep 12, 2013 at 4:22 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> This also covers issue #176 for encryption
>
> The current document says that the serialization that must be implemented
> is the compact serialization.  I don’t think that this is going to be a
> position that passes the smell test with the IESG.  There was a large
> amount of push back from various members of the IESG the last time that we
> went through the re-chartering process about what it means to be a JSON
> based specification.  I think that if we don’t have a JSON serialization as
> part of the MTI features, then we are going to get clobbered by the people
> who were not in love with the last set of charter text.
>
> I would note that this requirement does not change the ability of an
> application, for example JWT, to mandate that either the compact or JSON
> serialization is what is required for that application.  This is basically
> a requirement that specific abilities be available from library
> implementations of the JOSE specifications.
>
> A minimum level that I would consider to be even passable would be to make
> the statement that the set of features to support the syntactic conversion
> between the compact and JOSE serialization needs to be supported.  This
> allows for simplistic conversions that work.
>
> A minimum level of support that I would consider to be reasonable, is to
> say that JOSE needs to support single signer and/or single recipient cases
> and would also support all of the unprotected header things that are not
> supported by the compact serialization case.
>
> I worry that we are making the mandatory serialization be that which is
> supported by JWT and not that which will be required by future applications
> which are not JWT and want to use JSON rather than the compact
> serialization that is used by JWT.   The library that I put together
> focused on the JSON serializations as the core implementation, and it will
> only produce the compact serializations if specific conditions are met.
>
> Jim
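As an added illustration of the "syntactic conversion" between serializations that Jim asks for, and of Richard's point that the signed parts are base64url-encoded whichever serialization carries them, here is example code that is not from this thread and not from either author's library. It converts an HS256 JWS between the compact and flattened JSON serializations and refuses the JSON-to-compact direction when an unprotected header or a second signature would be lost; the key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def b64url_encode(data: bytes) -> str:
    # JOSE base64url: URL-safe alphabet with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def hs256_sign(protected_b64: str, payload_b64: str, key: bytes) -> str:
    # The JWS Signing Input is ASCII(BASE64URL(protected) '.' BASE64URL(payload)),
    # so the signature value is identical in the compact and JSON serializations.
    signing_input = f"{protected_b64}.{payload_b64}".encode("ascii")
    return b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())

def make_sample_compact() -> str:
    # Constructed sample JWS in compact serialization: header.payload.signature
    header = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload = b64url_encode(b'{"iss":"example"}')
    return f"{header}.{payload}.{hs256_sign(header, payload, KEY)}"

def compact_to_json(compact: str) -> dict:
    # Compact -> flattened JSON is a purely syntactic split; nothing is re-signed
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("JWS compact serialization has exactly three parts")
    protected, payload, signature = parts
    return {"protected": protected, "payload": payload, "signature": signature}

def json_to_compact(jws: dict) -> str:
    # JSON -> compact only when nothing is lost: a single signature and no
    # unprotected header, because the compact form has no place for either
    sigs = jws.get("signatures", [jws])
    if len(sigs) != 1:
        raise ValueError("compact serialization carries exactly one signature")
    sig = sigs[0]
    if "header" in sig:
        raise ValueError("unprotected header cannot be represented in compact form")
    if "protected" not in sig:
        raise ValueError("compact serialization needs a protected header")
    return f"{sig['protected']}.{jws['payload']}.{sig['signature']}"

def verify_hs256(jws: dict, key: bytes) -> bool:
    # Verifies a flattened JSON JWS by rebuilding the signing input from the same parts
    expected = hs256_sign(jws["protected"], jws["payload"], key)
    return hmac.compare_digest(expected, jws["signature"])
```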