IETF Logo Mail Archive

Re: [jose] JWS Unencoded Payload Option spec addressing WGLC comments

Mike Jones <Michael.Jones@microsoft.com> Wed, 21 October 2015 21:16 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F7121B30CB for <jose@ietfa.amsl.com>; Wed, 21 Oct 2015 14:16:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.059
X-Spam-Level: **
X-Spam-Status: No, score=2.059 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URI_NO_WWW_INFO_CGI=2.071] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwzqF3Ix9aIw for <jose@ietfa.amsl.com>; Wed, 21 Oct 2015 14:16:11 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0737.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:737]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA0F11B30CD for <jose@ietf.org>; Wed, 21 Oct 2015 14:16:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hd5mQKjoZU6hNx9qPSGNiZnZ2Nrazlf8YHDNzMp4q4I=; b=AJMohgp0yXI5b4IERsIKadziYdfoUIymmFLCSLjLFaDp5C2YkSDIl9Lm6WQJPM68vU0Ykk/Y/Dq7xyBtHHFJU7Agt7yq7bLP8vlQbtgQEusUOzPCh06nTSr1h6QaHOPDAuk97RVlODSB1IqNFw2s6Be4ycPTveh5OPXKRQhZ6QU=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) with Microsoft SMTP Server (TLS) id 15.1.300.14; Wed, 21 Oct 2015 21:15:52 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0300.010; Wed, 21 Oct 2015 21:15:52 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: JWS Unencoded Payload Option spec addressing WGLC comments
Thread-Index: AdEGDt2p34ZtXRSuSce+MCacP1gQUAAEnU0wAYjZJTA=
Date: Wed, 21 Oct 2015 21:15:51 +0000
Message-ID: <BY2PR03MB442B7AF9F413BDB8626EC06F5380@BY2PR03MB442.namprd03.prod.outlook.com>
References: <BY2PR03MB4425B29243487BC32294D1AF5300@BY2PR03MB442.namprd03.prod.outlook.com> <255B9BB34FB7D647A506DC292726F6E13BB0623AFD@WSMSG3153V.srv.dir.telstra.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E13BB0623AFD@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:7::355]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB442; 24:v+Y6UEyko9dcSSAznmE7eLu5UVF49EPcLjBQYiPSw2TlwcLAC+n7lI3ABDCPrbHdt9K5tLZ8+Axt7N59dbDUwdtCIqPHLWPxFD6gZg0hirU=; 20:gJ0ULapPg8hfrQ4VTqytbB/7n18fz/9Kk5dq00qGrrLGGB+0fZUmeCcG8fSlgKDycyyEFEQI4jo6d3Z1FpbplQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB442;
x-forefront-prvs: 073631BD3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(209900001)(199003)(189002)(377454003)(50986999)(77096005)(92566002)(15975445007)(54356999)(5008740100001)(64706001)(105586002)(101416001)(102836002)(106356001)(76176999)(87936001)(46102003)(19625215002)(33656002)(74316001)(40100003)(76576001)(19300405004)(19617315012)(122556002)(19580395003)(19580405001)(16236675004)(11100500001)(5005710100001)(2950100001)(2900100001)(10400500002)(86612001)(5002640100001)(5004730100002)(10290500002)(8990500004)(189998001)(10090500001)(107886002)(5003600100002)(86362001)(99286002)(2501003)(97736004)(5001770100001)(81156007)(7059030)(3826002)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB442; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB442B7AF9F413BDB8626EC06F5380BY2PR03MB442namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2015 21:15:51.9670 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB442
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/A2hjAyTElvvSocx9tciRLCl83Nk>
Subject: Re: [jose] JWS Unencoded Payload Option spec addressing WGLC comments
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 21:16:16 -0000

As I see it, explicitly updating JWS isn't necessary, since JWS established the JSON Web Signature and Encryption Header Parameters Registry to allow for additional Header Parameters to be defined, and so implementers are expected to refer to the registry and gracefully handle the possibility of extensions registered there.  The JWS Unencoded Payload Option specification registers such an extension.

As to whether "crit" is required, "crit" is only necessary if an explicit directive is required that the validation must fail if the header parameter is not understood.  However, in this case, if "b64" is not understood and simply ignored, the validation will fail without needing to use "crit", since the signature validation will fail.  Thus, the use of "crit" is unnecessary for "b64".

                                                                -- Mike

From: Manger, James [mailto:James.H.Manger@team.telstra.com]
Sent: Tuesday, October 13, 2015 7:55 PM
To: Mike Jones <Michael.Jones@microsoft.com>; jose@ietf.org
Subject: RE: JWS Unencoded Payload Option spec addressing WGLC comments

Shouldn't draft-ietf-jose-jws-signing-input-options update RFC 7515 "JWS"? That seems quite important as draft-ietf-jose-jws-signing-input-options changes the meaning of valid JWS messages (new "b64" field that cannot be ignored, but is not listed in "crit"), and allows a bunch of previously invalid chars in JWS Compact Serializations (invalidating the JWS definition of Compact Serialization as a "URL-safe string").

--
James Manger

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Wednesday, 14 October 2015 10:49 AM
To: jose@ietf.org<mailto:jose@ietf.org>
Subject: [jose] JWS Unencoded Payload Option spec addressing WGLC comments

Draft -03 of the JWS Unencoded Payload Option specification addresses the working group last call comments received.  Thanks to Jim Schaad, Vladimir Dzhuvinov, John Bradley, and Nat Sakimura for the useful comments.  Changes were:

*         Allowed the ASCII space character and all printable ASCII characters other than period ('.') in non-detached unencoded payloads using the JWS Compact Serialization.

*         Updated the abstract to say that that the spec updates RFC 7519.

*         Removed unused references.

*         Changed the change controller to IESG.

The specification is available at:

*         https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-03<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-ietf-jose-jws-signing-input-options-03&data=01%7c01%7cMichael.Jones%40microsoft.com%7c67566ac2856449dd329b08d2d442d2c8%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=cwfExLlgEK11IEBTdvKI63EI6xNBi1JTV0KVipTf8JU%3d>

An HTML formatted version is also available at:

*         http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-03.html<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-ietf-jose-jws-signing-input-options-03.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c67566ac2856449dd329b08d2d442d2c8%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=5nAlXMo6uPDM600pp0Kf1JQliQ4maLZc5eCMKfzCdQ8%3d>

                                                                -- Mike

P.S.  This note was also published at http://self-issued.info/?p=1465<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1465&data=01%7c01%7cMichael.Jones%40microsoft.com%7c67566ac2856449dd329b08d2d442d2c8%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=L6oZmQ6tOl1eW%2fmh9zyorKeY4ouQZTGMn4o9Zid5snk%3d> and as @selfissued<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cmichael.jones%40microsoft.com%7c3a69db7b8b6c4d47da0f08d2937a3d82%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ggurSMkRVW%2bR8Nv93Mnbsf16CmVGqfjB9lW8SV5gAKM%3d>.

v2.23.0 | Report a Bug | By Email