IETF Logo Mail Archive

Re: [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

Tim Bray <tbray@textuality.com> Mon, 15 September 2014 19:04 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74E331A7028 for <jose@ietfa.amsl.com>; Mon, 15 Sep 2014 12:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i2D7MC_vlgyY for <jose@ietfa.amsl.com>; Mon, 15 Sep 2014 12:04:25 -0700 (PDT)
Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC8421A8029 for <jose@ietf.org>; Mon, 15 Sep 2014 11:54:50 -0700 (PDT)
Received: by mail-vc0-f182.google.com with SMTP id le20so3921894vcb.13 for <jose@ietf.org>; Mon, 15 Sep 2014 11:54:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=q4eReECnaza4AkgIXfLOcdPIRntyhOrK21leF9AckNY=; b=GnfZ/He41GDcidBBsFTK06V+nQHD1SI5GJYCF/n+xtu1CyoXhUJPRxnFwUmv87B19Q AYpgKChszcsGCbUweE6Dz8S0EPwd+szxSYogZUv+zX85PlDeaLuFXpL0KQ54+FuCPxbX HVfgnAHx+NxXQsxdra6vsjOby6i25x4+B/u/NQnQSGm2jFlGIMXvC7EPKGs3hXGvW2On i1YOU7iHJtdgZGA65r4DtHVfI4FeQTmxg7/oJclHtpdR78k4cQq9Sp6IFCWUHj6GiBUD GifNpd+4Tjt2P5Gi/nfmp/qhxuHxAWjJKuLJBSca2kqUVsPmmxGmYeqAc7Qq7F7dwrAS a+Og==
X-Gm-Message-State: ALoCoQl13tN/ELAid7LpRmMai5lCB/Efup1cyoyBWqdGXy1jSJd5XJvRwCKJ4K3URcDFcyuGvERf
X-Received: by 10.220.2.133 with SMTP id 5mr16095686vcj.48.1410807289966; Mon, 15 Sep 2014 11:54:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.214.4 with HTTP; Mon, 15 Sep 2014 11:54:28 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
In-Reply-To: <54173546.5000400@bbn.com>
References: <CAHbuEH4Ccn2Z=8kEECzvgjmtshwsFoa-EH_NpkJPos7zirGeaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AEC00DB@TK5EX14MBXC292.redmond.corp.microsoft.com> <5416FE10.3060608@bbn.com> <CAHBU6iu3GfsLCAint3z7risZUnVW4EK0WrGVW6Dv=gvppiHSxQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AECCCDD@TK5EX14MBXC292.redmond.corp.microsoft.com> <54173546.5000400@bbn.com>
From: Tim Bray <tbray@textuality.com>
Date: Mon, 15 Sep 2014 11:54:28 -0700
Message-ID: <CAHBU6ivb3BeEufcnJB+eSk8wgETMx+qzH3miE6Z1jtrQkXNR3w@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="001a11c3dbe45d8b7905031f2baf"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/7xUgjNxXgr-c2mtvcRFBCOq-CvM
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-jose-json-web-key.all@tools.ietf.org" <draft-ietf-jose-json-web-key.all@tools.ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 19:04:28 -0000

​When I talk about existing software I’m referring to generic JSON parsers
such as are included in the basic library set of every programming language
now, and which are unfortunately idiosyncratic and inconsistent in their
handling of dupe keys, but in almost no cases actually inform the calling
software whether or not dupe keys were encountered.

On Mon, Sep 15, 2014 at 11:51 AM, Stephen Kent <kent@bbn.com> wrote:

> OK, I'm a bit confused.
>
> I thought the JOSE specs were intended to create standards for transport
> of keys, and for sigs,
> MACs, and encryption of JSON objects.
>
> What is the existing software to which you and Tim refer, when referring
> to keys (vs.
> JSON parsing in general)?
>
> Steve
>
>


-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)

v2.23.0 | Report a Bug | By Email