Re: [jose] Comments on draft-barnes-jose-spi-00

Richard Barnes <rlb@ipv.sx> Tue, 02 April 2013 18:00 UTC

In-Reply-To: <515B1862.2020204@gmx.net>
References: <005301ce2fba$e4c68100$ae538300$@augustcellars.com> <515B1862.2020204@gmx.net>
Date: Tue, 02 Apr 2013 14:00:02 -0400
Message-ID: <CAL02cgSLFeh_wzaC0nb7=Xg74_3S2irg9bHxA6cvPF3vbwvTRw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: Jim Schaad <ietf@augustcellars.com>, jose@ietf.org, draft-barnes-jose-spi@tools.ietf.org
Subject: Re: [jose] Comments on draft-barnes-jose-spi-00

"kid" identifies a key.  "spi" identifies anything/everything.

Think of it this way:
"spi" --> { "alg", "enc", "zip", "kid", ... }


On Tue, Apr 2, 2013 at 1:41 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> I don't understand why you need an additional spi parameter when there is
> already a kid parameter, which serves the same purpose.
>
> Here is the kid parameter in the JWE:
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.10
>
> Here is the kid parameter in the JWS:
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-4.1.7
>
> Ciao
> Hannes
>
>
> On 04/02/2013 06:58 PM, Jim Schaad wrote:
>
>> Richard,
>>
>> There is not yet sufficient detail in this document for me to do a
>> proper evaluation of how things are going to work.  Example questions
>> that I have:
>>
>> 1. What headers are required and which can be implicit – for example,
>> can the algorithm fields be implicit in the SPI?
>>
>> 2. Are the integrity values computed across the fully populated header or
>> the SPI header?
>>
>> 3. Is there a way to forward a message from person A, who knows the SPI
>> values, to person B, who does not?
>>
>> 4. What is the correct algorithm for determining JWS vs. JWE in the
>> event that all of the algorithms are implicit?
>>
>> 5. What happens if you have implicit parameters and explicit parameters
>> and they do not match?
>>
>> 6. Is there a recommended way to determine what the SPI parameters are
>> going to be?  Does the application need to pre-parse the message to get
>> the SPI value, or is there a recommendation that some type of callback be
>> included?
>>
>> 7. Can you make things like the IV implicit?  Thus, agree on a starting
>> value and an increment and compute the new IV for each new message.
>>
>> 8. If you are requiring that the values be populated by the application,
>> does this require that you have a canonical encoding of how those values
>> are placed into the header for the purposes of the integrity check?
>>
>> Jim
>>
>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>>
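As an added illustration of the "spi --> { alg, enc, zip, kid, ... }" mapping above and of Jim's questions 4, 5 and 6, not code from draft-barnes-jose-spi or from any of the posters: a small Python model in which a receiver resolves an spi value against a constructed, out-of-band table of implicit header parameters, merges them with whatever the sender put in the header explicitly, rejects a mismatch between the two rather than letting either side silently win, and only then decides JWS vs JWE by the presence of "enc". The table contents, the SPI values, the conflict-rejection policy and the helper names are all assumptions; the draft's actual resolution rules are not on this page.

```python
"""Model of resolving a JOSE "spi" header parameter into the header parameters
it stands for. Added example; the table, policy and names are assumptions, not
text from draft-barnes-jose-spi."""
import base64
import json

# Constructed sample: an out-of-band agreed mapping from SPI value to the
# header parameters that value implies (the draft's real format is assumed).
SPI_TABLE = {
    "spi-enc-1": {"alg": "A128KW", "enc": "A128GCM", "kid": "enc-key-2013-04"},
    "spi-sig-1": {"alg": "HS256", "kid": "mac-key-7"},
}


class SpiError(ValueError):
    """Raised when an spi cannot be resolved or contradicts the explicit header."""


def resolve_header(header, table=SPI_TABLE):
    """Return the fully populated header: implicit parameters from the table
    plus anything sent explicitly. An explicit parameter may repeat an implicit
    one only if the values agree (assumed policy for Jim's question 5)."""
    spi = header.get("spi")
    if spi is None:
        return dict(header)
    implicit = table.get(spi)
    if implicit is None:
        raise SpiError(f"unknown spi {spi!r}")
    merged = dict(implicit)
    for name, value in header.items():
        if name == "spi":
            continue
        if name in implicit and implicit[name] != value:
            raise SpiError(
                f"explicit {name}={value!r} conflicts with spi-implied {implicit[name]!r}")
        merged[name] = value
    merged["spi"] = spi
    return merged


def object_type(header, table=SPI_TABLE):
    """Classify after expansion, so a header that carries only "spi" can still be
    told apart: a JWE carries "enc", a JWS does not (Jim's question 4)."""
    return "JWE" if "enc" in resolve_header(header, table) else "JWS"


def encode_header(header):
    """base64url(JSON) without padding, as in the first compact-serialization segment."""
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_compact_header(token):
    """Decode only the header segment; this is the minimal pre-parse needed to
    read "spi" before any key lookup (Jim's question 6)."""
    seg = token.split(".", 1)[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


if __name__ == "__main__":
    wire = encode_header({"spi": "spi-enc-1", "zip": "DEF"}) + ".<payload>.<tag>"
    header = parse_compact_header(wire)
    print(object_type(header), resolve_header(header))
```

The receiver-side conflict check is the part worth keeping whatever the draft finally says: if a parameter can arrive both implicitly (via spi) and explicitly, accepting one without comparing it to the other lets the unauthenticated copy decide what the protected copy meant.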