Re: [jose] Beyond RFC 8785 (JSON Canonicalization Scheme)
Benjamin Kaduk <kaduk@mit.edu> Fri, 10 July 2020 21:21 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E80923A09DD for <jose@ietfa.amsl.com>; Fri, 10 Jul 2020 14:21:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqunXdi_G9hV for <jose@ietfa.amsl.com>; Fri, 10 Jul 2020 14:21:39 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4D703A09E0 for <jose@ietf.org>; Fri, 10 Jul 2020 14:21:39 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 06ALLY51014849 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Jul 2020 17:21:37 -0400
Date: Fri, 10 Jul 2020 14:21:33 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Carsten Bormann <cabo@tzi.org>
Cc: "jose@ietf.org" <jose@ietf.org>
Message-ID: <20200710212133.GA16335@kduck.mit.edu>
References: <MN2PR00MB06880AA5E91B9DC72AF93D25F5650@MN2PR00MB0688.namprd00.prod.outlook.com> <5DA4F0DB-8579-40CD-B1A9-9AB40C09F839@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <5DA4F0DB-8579-40CD-B1A9-9AB40C09F839@tzi.org>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/BXjsU1lPyeUzihb2Q9VGEdbBOq8>
Subject: Re: [jose] Beyond RFC 8785 (JSON Canonicalization Scheme)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2020 21:21:42 -0000
On Fri, Jul 10, 2020 at 10:43:46PM +0200, Carsten Bormann wrote: > On 2020-07-10, at 22:21, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote: > > > > There are things I would have commented on in JCS > > Much of what discussion we had happened on the JSON mailing list. > There is a map (JSON object) key ordering mechanism in there for which I only have the word “sick”, and this was commented on the JSON mailing list [1] (in slightly more elaborate wording). That “feature” is still in there. No comment. > > The disturbing part is that people are now running ahead and are trying to do run-arounds around the JOSE format based on the old XMLDSig thinking. I certainly suspected that was the point of JCS, but it plaid no role in the IESG conflict review for this independent submission — I have seen very inconsistent levels of attention in IESG to considerations about how a spec will actually be used over time. https://tools.ietf.org/html/rfc5742#section-3 seems pretty clear that the IESG reviews the work that is being presented for publication on the Independent Submission stream, which would seem to exclude extensive consideration of what might be done later that builds upon such work. I'm not sure which of the 5 "types of conclusion" from RFC 5742 you are proposing should have been sent (and why)... Thanks, Ben
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Mike Jones
- [jose] Beyond RFC 8785 (JSON Canonicalization Sch… Anders Rundgren
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Carsten Bormann
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Benjamin Kaduk
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Carsten Bormann
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Anders Rundgren
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… David Waite
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Carsten Bormann
- Re: [jose] Beyond RFC 8785 (JSON Canonicalization… Anders Rundgren