From: Mike Jones <Michael.Jones@microsoft.com>
To: Justin Richer <jricher@mitre.org>
Date: Mon, 27 Aug 2012 18:11:51 +0000
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>

It is.  For those of you wondering what the reference to "issued at" is, see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03#section-4.1.3.

				-- Mike

-----Original Message-----
From: Justin Richer [mailto:jricher@mitre.org]
Sent: Monday, August 27, 2012 7:59 AM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter

How is "issued at" not a timestamp?

  -- Justin

On 08/24/2012 07:02 PM, Mike Jones wrote:
> I'll note for discussion purposes that a nonce and a timestamp are not the same thing (although sometimes they are used to achieve similar/related goals).  A nonce tends to be an opaque value that must be preserved across the communication.  Whereas a timestamp typically has defined semantics - sometimes simply a non-decreasing integer value - and sometimes a representation of time, and then, sometimes with a uniqueness requirement.
>
> For discussion purposes, I'll say that the simplest thing for us to do (should we decide to do anything in this regard) would be to define the nonce as an opaque string value that must be preserved.
>
> We could also define a timestamp parameter, but as I wrote above, that would likely require us to specify additional semantics - starting with whether it's a non-decreasing integer or a representation of a time value.  This seems much harder to define and possibly to use than a nonce.
>
> Would it make sense to define a nonce parameter now and hold off on defining a timestamp parameter until there's a clear demonstrated use case for which a nonce is not sufficient?  That would be my personal recommendation.
>
> 				Best wishes,
> 				-- Mike
>
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
> Sent: Friday, August 17, 2012 12:05 AM
> To: jose@ietf.org
> Subject: [jose] POLL: Nonce/Timestamp parameter
>
> <CHAIR>
>
> If you voted at the face-2-face please do not vote again.  If you want to provide comments please change the title from POLL to DISCUSS.
>
> Do we need to define a nonce/timestamp parameter in the base specification?
>
>
>
> Room vote:  6 yes, 0 no, 1 discuss
>
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
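
The three semantics distinguished in the quoted 24 August message (an opaque nonce that is preserved, a non-decreasing integer, and a time value with a uniqueness requirement), sketched as receiver-side checks. This is an added example, not part of the original thread or of any JOSE draft; the class names, the 300-second skew and the sample values are assumptions.

```python
import secrets
import time


class NonceChallenge:
    """Opaque nonce: the verifier issues it and the peer must return it unchanged."""

    def __init__(self):
        self._outstanding = set()

    def issue(self):
        nonce = secrets.token_urlsafe(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, echoed):
        # No parsing and no ordering: only exact equality with an unused value.
        if echoed in self._outstanding:
            self._outstanding.remove(echoed)
            return True
        return False


class CounterCheck:
    """Timestamp as a non-decreasing integer: only ordering is defined."""

    def __init__(self):
        self._last = None

    def accept(self, value):
        # An equal value passes, so this form alone does not give uniqueness.
        if self._last is not None and value < self._last:
            return False
        self._last = value
        return True


class TimeWindowCheck:
    """Timestamp as a time value, with the uniqueness requirement added."""

    def __init__(self, max_skew=300):  # assumed tolerance in seconds
        self._max_skew = max_skew
        self._seen = set()

    def accept(self, issued_at, now=None):
        now = time.time() if now is None else now
        # Values outside the window are rejected anyway, so forget them.
        self._seen = {t for t in self._seen if abs(now - t) <= self._max_skew}
        if abs(now - issued_at) > self._max_skew or issued_at in self._seen:
            return False
        self._seen.add(issued_at)
        return True
```

The nonce check needs state only for values the verifier itself issued, while the two timestamp forms require the receiver to agree with the sender on ordering or on clock skew, which is the additional semantics the message refers to.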



