[jose] Issue #102 - Bullet B

"Jim Schaad" <ietf@augustcellars.com> Thu, 03 October 2013 19:31 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: jose@ietf.org
Date: Thu, 03 Oct 2013 12:12:43 -0700
Message-ID: <008a01cec06c$8cc08030$a6418090$@augustcellars.com>
Subject: [jose] Issue #102 - Bullet B
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>

I find myself slightly worried about the fact that we say that some names
are either from our registry or are from a collision resistant namespace,
without explicitly stating what this means.

Consider the following strings

1.2.3.4

http://example.com/algorithm/sha-1

RSAES-PKCS1-v1.5

All three of these are names from a collision resistant name space (OID,
URL, WebCrypto Algorithm names), but in only one case has the namespace been
identified.  If we don't require that the namespace be part of the string
then it would appear that there is a potential problem waiting to raise its
ugly head.

I can see a couple of potential places to address this, however the easiest
would be to make the definition of a Collision Resistant Name to include the
concept that it is composed of a name space identifier and a name in the
name space.  This would make the first item in my list be oid:1.2.3.4 and
the last one not usable unless and until a namespace identifier is created
for it.

The language in a couple of places should also be cleaned up to make it
slightly more readable so that

   "alg" values SHOULD either be registered in the IANA JSON Web
   Signature and Encryption Algorithms registry defined in [JWA]
   (http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-16#ref-JWA)
   or be a value that contains a Collision Resistant Name.

becomes

   An "alg" value SHOULD be from the IANA JSON Web Signature and
   Encryption Algorithms registry or be a Collision Resistant Name.

Comments?

Jim
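The ambiguity raised above, shown as a small validator. This is an added example, not code from Jim's message or from the JOSE drafts. It assumes that a Collision Resistant Name is written as an absolute URI whose scheme (RFC 3986 syntax) is the namespace identifier, so "oid:1.2.3.4" and "http://example.com/algorithm/sha-1" are namespaced while "1.2.3.4" and "RSAES-PKCS1-v1.5" are bare names; REGISTERED_ALGS is a constructed subset standing in for the IANA registry, not the registry itself.

```python
import re
from typing import Optional, Tuple

# Constructed subset of registered "alg" names, for illustration only.
# A real implementation consults the IANA registry, not a hard-coded set.
REGISTERED_ALGS = frozenset({
    "HS256", "HS384", "HS512",
    "RS256", "RS384", "RS512",
    "ES256", "ES384", "ES512",
})

# Assumption: the namespace identifier is an RFC 3986 scheme,
#   scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
# followed by ":" and a non-empty name within that namespace.
_NAMESPACED_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.+)$")


def split_namespace(value: str) -> Optional[Tuple[str, str]]:
    """Return (namespace, name) when the string carries its namespace, else None.

    "1.2.3.4" starts with a digit, so it cannot be a scheme and is returned as
    None even though it is a syntactically valid OID; the string alone does not
    say which namespace it belongs to.
    """
    m = _NAMESPACED_RE.match(value)
    if m is None:
        return None
    return m.group(1).lower(), m.group(2)


def classify_alg(value: str, registry=REGISTERED_ALGS) -> str:
    """Classify an "alg" value as "registered", "namespaced" or "ambiguous".

    "ambiguous" is the case the message worries about: a name that may well
    come from a collision resistant namespace, but the namespace is not part
    of the string, so two parties could use the same bytes for different
    algorithms.
    """
    if value in registry:
        return "registered"
    if split_namespace(value) is not None:
        return "namespaced"
    return "ambiguous"


def check_header(header: dict, registry=REGISTERED_ALGS) -> str:
    """Apply the proposed rule to a parsed JOSE header.

    Accepts only a registered value or a namespace-qualified Collision
    Resistant Name; rejects bare names rather than guessing a namespace.
    """
    alg = header.get("alg")
    if not isinstance(alg, str) or not alg:
        raise ValueError("alg header is missing or not a non-empty string")
    kind = classify_alg(alg, registry)
    if kind == "ambiguous":
        raise ValueError(
            f"alg {alg!r} is neither registered nor namespace-qualified; refusing"
        )
    return kind


if __name__ == "__main__":
    # The three strings from the message plus the proposed "oid:" form.
    samples = [
        "1.2.3.4",
        "http://example.com/algorithm/sha-1",
        "RSAES-PKCS1-v1.5",
        "oid:1.2.3.4",
        "RS256",
    ]
    for s in samples:
        print(f"{s:40} -> {classify_alg(s)}")
```

Run as a script it prints one classification per line; only the URL and the "oid:"-prefixed string are accepted as Collision Resistant Names, and "RSAES-PKCS1-v1.5" stays unusable until a namespace identifier exists for it, which is the outcome the proposal describes.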