IETF Logo Mail Archive

Re: [jose] #86: Section 7.2. JSON Web Key Set Parameters Registry

"Jim Schaad" <ietf@augustcellars.com> Wed, 21 August 2013 23:38 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 152A321F90CC for <jose@ietfa.amsl.com>; Wed, 21 Aug 2013 16:38:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.384
X-Spam-Level:
X-Spam-Status: No, score=-3.384 tagged_above=-999 required=5 tests=[AWL=0.215, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n3-jylw1Fw+D for <jose@ietfa.amsl.com>; Wed, 21 Aug 2013 16:38:53 -0700 (PDT)
Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) by ietfa.amsl.com (Postfix) with ESMTP id D311911E8178 for <jose@ietf.org>; Wed, 21 Aug 2013 16:38:49 -0700 (PDT)
Received: from Philemon (mail.augustcellars.com [50.34.17.238]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 9DA7638F17; Wed, 21 Aug 2013 16:38:49 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: michael.jones@microsoft.com
References: <061.51021383e34b7fded23ba50be7eb8d82@trac.tools.ietf.org> <076.5a459b1861e0d94c9cf7c477e9b8654b@trac.tools.ietf.org>
In-Reply-To: <076.5a459b1861e0d94c9cf7c477e9b8654b@trac.tools.ietf.org>
Date: Wed, 21 Aug 2013 16:37:43 -0700
Message-ID: <007301ce9ec7$6f255080$4d6ff180$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIp4p7IyMmTgYejPD3OCuve1njwRQEQP9Z6mOFBuOA=
Content-Language: en-us
Cc: jose@ietf.org
Subject: Re: [jose] #86: Section 7.2. JSON Web Key Set Parameters Registry
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 23:38:58 -0000

There are at least two different sets of criteria that can be used at this
point that I can think of.

The first is the registration is complete and understandable.
Recommendations may be made to  the template to make it either more complete
or more understandable.  This is the basic criteria that is used for the
media types registry.

The second is that the item being registered makes sense.  This includes an
evaluation of what is being registered.  Is there a better way to do this?
Is this harmful to the JOSE world?  Do I think that the person doing the
application is a complete idiot?  This is similar to the criteria that is
being used for the TLS extension library.

There is a difference in the criteria that is being used in the two cases
about what type of evaluation is being done.  The first is basically a make
it understandable.  The second is basically a make it correct and usable and
kill those things which are bad for the world.

In the second case it makes sense to give a set of criteria that should be
used for it is harmful.  Given that there has been a long history of a
section of the group arguing that new things should not be created, this
would mean that the second is where I would expect the bar to be.  However,
if not stated then it can really on be the lower bar that is used.

I don't know how much the oauth list has been used to do registrations.
Other groups, such as the krb-wg, have found that without some type of
criteria it has been much more difficult to decide what should be registered
and what should not be registered.

Jim


> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> jose issue tracker
> Sent: Wednesday, August 21, 2013 4:02 PM
> To: draft-ietf-jose-json-web-key@tools.ietf.org;
> michael.jones@microsoft.com
> Cc: jose@ietf.org
> Subject: Re: [jose] #86: Section 7.2. JSON Web Key Set Parameters Registry
> 
> #86: Section 7.2. JSON Web Key Set Parameters Registry
> 
> 
> Comment (by michael.jones@microsoft.com):
> 
>  Is there standard registration criteria language used in RFC that we
could
> consider?  The current language is adapted from OAuth, with I believe
> adapted it from another RFC.  Or is the point of having experts that
they're
> trusted to make these judgment calls?
> 
> --
> -------------------------+----------------------------------------------
> -------------------------+---
>  Reporter:               |       Owner:  draft-ietf-jose-json-web-
>   ietf@augustcellars.com |  key@tools.ietf.org
>      Type:  defect       |      Status:  new
>  Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>   key                    |  Resolution:
>  Severity:  -            |
>  Keywords:               |
> -------------------------+----------------------------------------------
> -------------------------+---
> 
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/86#comment:1>
> jose <http://tools.ietf.org/jose/>
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email