IETF Logo Mail Archive

Re: [jose] Feedback request on jose tracker issue #15: Should at least on key indicator be mandatory

Mike Jones <Michael.Jones@microsoft.com> Mon, 15 April 2013 15:45 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A4B721F9409 for <jose@ietfa.amsl.com>; Mon, 15 Apr 2013 08:45:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Fe7ckBGx0Pw for <jose@ietfa.amsl.com>; Mon, 15 Apr 2013 08:45:19 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0242.outbound.protection.outlook.com [207.46.163.242]) by ietfa.amsl.com (Postfix) with ESMTP id 0CD3721F9404 for <jose@ietf.org>; Mon, 15 Apr 2013 08:45:18 -0700 (PDT)
Received: from BL2FFO11FD015.protection.gbl (10.173.161.202) by BL2FFO11HUB030.protection.gbl (10.173.161.54) with Microsoft SMTP Server (TLS) id 15.0.664.0; Mon, 15 Apr 2013 15:45:17 +0000
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD015.mail.protection.outlook.com (10.173.160.223) with Microsoft SMTP Server (TLS) id 15.0.675.0 via Frontend Transport; Mon, 15 Apr 2013 15:45:16 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.224]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0318.003; Mon, 15 Apr 2013 15:45:01 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>
Thread-Topic: [jose] Feedback request on jose tracker issue #15: Should at least on key indicator be mandatory
Thread-Index: AQHONxCooSd2LAEBTkqzIVwx4JWauZjSDFgAgAVkswCAAABasA==
Date: Mon, 15 Apr 2013 15:45:01 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394367641542@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <51674E63.3050809@isoc.org> <4E1F6AAD24975D4BA5B168042967394367615F37@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAL02cgQ5OOwkTRNsSypq+y6+z3_cqAxDvkNo+HvC0m44oNf-fA@mail.gmail.com>
In-Reply-To: <CAL02cgQ5OOwkTRNsSypq+y6+z3_cqAxDvkNo+HvC0m44oNf-fA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.35]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394367641542TK5EX14MBXC283r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(189002)(5383001)(24454001)(199002)(377454001)(20776003)(18277545001)(564824004)(56776001)(31966008)(16406001)(18276755001)(55846006)(5343655001)(47446002)(33656001)(53806001)(54356001)(80022001)(4396001)(59766001)(50986001)(77982001)(51856001)(47976001)(74662001)(81542001)(512954001)(76482001)(63696002)(81342001)(79102001)(74502001)(66066001)(46102001)(47736001)(49866001)(71186001)(56816002)(5343635001)(44976003)(69226001)(15202345002)(54316002)(65816001)(16236675002); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB030; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0817737FD1
Cc: "jose@ietf.org" <jose@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>
Subject: Re: [jose] Feedback request on jose tracker issue #15: Should at least on key indicator be mandatory
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 15:45:21 -0000

You could say "nice straw man, Jim", as it was Jim Schaad who proposed that the right question to ask was whether such use cases are important or not.  I agree with Jim that clearly if they are important/in scope, then key indicators in the headers can't be mandatory.

                                                            -- Mike

From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: Monday, April 15, 2013 8:41 AM
To: Mike Jones
Cc: odonoghue@isoc.org; jose@ietf.org
Subject: Re: [jose] Feedback request on jose tracker issue #15: Should at least on key indicator be mandatory

Nice straw man, Mike  :)

Nobody is arguing that cases with out-of-band negotiation are not important.  The question is how they should be supported.

What ISSUE-9 and ISSUE-15 are about is saying that the default assumption should be that all communication is via JW* headers.  Otherwise, we're not designing a stand-alone protocol, we're designing an adjunct to something else, and we should do it in that WG.  That default assumption means that you have to have certain contraints, like a key indicator being REQUIRED.  The SPI header is then the "get out of jail free card", releasing you from those constraints.

Let's design a real protocol first, then let people cheat.

--Richard


On Fri, Apr 12, 2013 at 1:25 AM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote:
Reading this question, I believe that there's a possibility for the question to be misinterpreted, since the sense of the question in the subject is opposite of the sense of the question in the body.  I believe that the intent of 1 and 2 were as follows:

1.  Yes - Use cases where key information is exchanged by means other than the JWS and JWE headers ARE important.
2.  No - Use cases where key information is exchanged by means other than the JWS and JWE headers ARE NOT important.

Maybe people could reply with 1 and 2 as above, so that their answers to the question of whether these use cases are important are not are unambiguous.

                                                            -- Mike

From: jose-bounces@ietf.org<mailto:jose-bounces@ietf.org> [mailto:jose-bounces@ietf.org<mailto:jose-bounces@ietf.org>] On Behalf Of Karen O'Donoghue
Sent: Thursday, April 11, 2013 5:00 PM

To: jose@ietf.org<mailto:jose@ietf.org>
Subject: [jose] Feedback request on jose tracker issue #15: Should at least on key indicator be mandatory

Issue #15 http://trac.tools.ietf.org/wg/jose/trac/ticket/15. suggests requiring that a key indicator, such as a "kid" field, be required in all JWS and JWE headers. Are use cases where key information is exchanged by means other than the JWS or JWE headers important?
Which of these best describes your preferences on this issue?
1.  Yes.
2.   No.
0.  I need more information to decide.

Your reply is requested by Friday, April 19th (or earlier).

_______________________________________________
jose mailing list
jose@ietf.org<mailto:jose@ietf.org>
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email