Re: [jose] DISCUSS: Nonce/Timestamp parameter

<Axel.Nennker@telekom.de> Mon, 27 August 2012 19:06 UTC

From: Axel.Nennker@telekom.de
To: ietf@augustcellars.com, jose@ietf.org
Date: Mon, 27 Aug 2012 21:06:03 +0200

I vote: NO

I think that nonce does make sense in signing or encryption because it only makes sense in a protocol exchange. 
Maybe there is some justification for nonce in jwt but if jwt is used with oauth2 then we already have state.

Could one of the six who voted yes please explain why nonce is useful?

Axel

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Nennker, Axel
Sent: Monday, August 27, 2012 10:37 AM
To: ietf@augustcellars.com; jose@ietf.org
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter

What is the base specification? https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03 ?
I think that nonce and timestamp are protocol specific fields and that JOSE is not about protocols. There are no round-trips in JOSE.
The cryptographic algorithms used in JOSE are secure enough without nonce and timestamp.

Axel

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Friday, August 17, 2012 9:05 AM
To: jose@ietf.org
Subject: [jose] POLL: Nonce/Timestamp parameter

<CHAIR>

If you voted at the face-2-face please do not vote again.  If you want to provide comments please change the title from POLL to DISCUSS.

Do we need to define a nonce/timestamp parameter in the base specification?



Room vote:  6 yes, 0 no, 1 discuss


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose