Re: [jose] POLL(s): header criticality

Edmund Jay <ejay@mgi1.com> Wed, 06 February 2013 17:51 UTC

Return-Path: <edmundjay@sbcglobal.net>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7283A21F8630 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 09:51:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-+7pJ63Z1v3 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 09:51:46 -0800 (PST)
Received: from nm18-vm0.access.bullet.mail.mud.yahoo.com (nm18-vm0.access.bullet.mail.mud.yahoo.com [66.94.236.23]) by ietfa.amsl.com (Postfix) with ESMTP id 3B4E021F85CC for <jose@ietf.org>; Wed, 6 Feb 2013 09:51:46 -0800 (PST)
Received: from [66.94.237.126] by nm18.access.bullet.mail.mud.yahoo.com with NNFMP; 06 Feb 2013 17:51:43 -0000
Received: from [66.94.237.123] by tm1.access.bullet.mail.mud.yahoo.com with NNFMP; 06 Feb 2013 17:51:43 -0000
Received: from [127.0.0.1] by omp1028.access.mail.mud.yahoo.com with NNFMP; 06 Feb 2013 17:51:43 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 66300.20580.bm@omp1028.access.mail.mud.yahoo.com
Received: (qmail 91954 invoked by uid 60001); 6 Feb 2013 17:51:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1360173102; bh=72auWOXlVZ4aI+ZZR80zj1pWnR6+0diRfTw2/5L9Qqs=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=D9V2UiYSib0uOQndQvy/Uivo6hJ3rcGgV0YgM/pINxU31kRxDOXAJBmjBm76K7fQpkjfWHrtAb3EVV5E2BXnN+1nogQRLwwFGb1fl4Swv6VMw388nQWTIDTY3px2cQDdOmfFD8R4iErIgtfH0hlAm5mbv8reVnLjcMREUdFxE4g=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=2RwVP3WGhfjhDv5lBcCysSvMwfvVBt08erJo6CjVX72M6gUSKI42o6bKPiBArXcaajgtIeC6qQn3kSrDBwd6heqQfH8L4j1XjYfjfsUSFUuCzMV14hkBxtsL01rwi8ImSUhfJmkOmkD6lqHXvjLy+UAiiQ2KrJ96DAft0ps8s9c=;
X-YMail-OSG: RkvzdZkVM1lbAtMmzZAhbQH99uO.Myf2fjggMr5pOvWNn.f C13TMxosSezf886Td9CV50I2eBovUUgIXzeSRc8QbFqiXcMXKms059PZ9V9m U6RlnQYgGodO.OYyTp5wLFgjas0kniqKhjY2aj6fNCArcypjqxEEPpmYRCXl snMze2oElCViRjADC9Kk7R3oMg6eUUQMx96JhdykYz9AXjd2Fan1G5uT0DHU KXYNwOTG2avnkwQPst_hBx1_W_GW7VNiCfRUd36Hwqf5H3whSIPEfkM7kaUw kRnmAUSST.2zo_qcW5AwZMZtTnGek2A4IHVh5cVKgsn80DyQdneDO4O7j_MS ZB1bTXA_8Io98NTP1yAJH9C13q2hzitFnz9aHjTosnJ5pcwyf4vcTRz7gbZk LML7pq8HewFrL_akgQ8kPPn45lKUvXu30Bw3zXXA.i21dNMPquLprtD36OBf YjancaA8SyyBxWYosKjY8Q4l4KcFOXsVRYfG4_goVemo9CAEIdyNk2moXrR8 BN9SRRECh_m83
Received: from [70.36.254.158] by web184402.mail.bf1.yahoo.com via HTTP; Wed, 06 Feb 2013 09:51:42 PST
X-Rocket-MIMEInfo: 001.001, RklSU1QgUE9MTDogIFlFUwpTRUNPTkQgUE9MTDogIFlFUwpUSElSRCBQT0xMOiAgQQoKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpGcm9tOiBLYXJlbiBPJ0Rvbm9naHVlIDxvZG9ub2dodWVAaXNvYy5vcmc.ClRvOiBqb3NlQGlldGYub3JnClNlbnQ6IE1vbiwgRmVicnVhcnkgNCwgMjAxMyA2OjQ4OjM1IEFNClN1YmplY3Q6IFtqb3NlXSBQT0xMKHMpOiBoZWFkZXIgY3JpdGljYWxpdHkKCkZvbGtzLAoKSSBhbSB3cmVzdGxpbmcgd2l0aCBob3cgdG8gaGVscCBkcml2ZSBjb25zZW5zdXMgb24BMAEBAQE-
X-RocketYMMF: edmundjay@sbcglobal.net
X-Mailer: YahooMailRC/718 YahooMailWebService/0.8.132.503
References: <510FCA42.5000704@isoc.org>
Message-ID: <1360173102.86943.YahooMailRC@web184402.mail.bf1.yahoo.com>
Date: Wed, 6 Feb 2013 09:51:42 -0800 (PST)
From: Edmund Jay <ejay@mgi1.com>
To: odonoghue@isoc.org, jose@ietf.org
In-Reply-To: <510FCA42.5000704@isoc.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-334495122-1380098797-1360173102=:86943"
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 17:55:16 -0000

FIRST POLL:  YES
SECOND POLL:  YES
THIRD POLL:  A



________________________________
From: Karen O'Donoghue <odonoghue@isoc.org>
To: jose@ietf.org
Sent: Mon, February 4, 2013 6:48:35 AM
Subject: [jose] POLL(s): header criticality

Folks,

I am wrestling with how to help drive consensus on the topic of criticality of 
headers. For background, please review the current specification text, the 
minutes to the Atlanta meeting (IETF85), and the mailing list (especially the 
discussion in December with (Subj: Whether implementations must understand all 
JOSE header fields)). We need to come to closure on this issue in order to 
progress the specifications.

As a tool to gather further information on determining a way forward, the 
following polls have been created. Please respond before 11 February 2013.

Thanks,
Karen

*******************
FIRST POLL: Should all header fields be critical for implementations to 
understand?

YES – All header fields must continue to be understood by implementations or the 
input must be rejected.

NO – A means of listing that specific header fields may be safely ignored should 
be defined.

********************
SECOND POLL: Should the result of the first poll be "YES", should text like the 
following be added? “Implementation Note: The requirement to understand all 
header fields is a requirement on the system as a whole – not on any particular 
level of library software. For instance, a JOSE library could process the 
headers that it understands and then leave the processing of the rest of them up 
to the application. For those headers that the JOSE library didn’t understand, 
the responsibility for fulfilling the ‘MUST understand’ requirement for the 
remaining headers would then fall to the application.”

YES – Add the text clarifying that the “MUST understand” requirement is a 
requirement on the system as a whole – not specifically on JOSE libraries.

NO – Don’t add the clarifying text.

************************
THIRD POLL: Should the result of the first poll be "NO", which syntax would you 
prefer for designating the header fields that may be ignored if not understood?

A – Define a header field that explicitly lists the fields that may be safely 
ignored if not understood.

B – Introduce a second header, where implementations must understand all fields 
in the first but they may ignore not-understood fields in the second.

C - Other??? (Please specify in detail.)
_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose