Re: [jose] POLL(s): header criticality
Dirkjan Ochtman <dirkjan@ochtman.nl> Thu, 07 February 2013 20:26 UTC
Return-Path: <djc.ochtman@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79B5921F8901 for <jose@ietfa.amsl.com>; Thu, 7 Feb 2013 12:26:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vKxd6n9ImuC2 for <jose@ietfa.amsl.com>; Thu, 7 Feb 2013 12:26:32 -0800 (PST)
Received: from mail-ob0-f173.google.com (mail-ob0-f173.google.com [209.85.214.173]) by ietfa.amsl.com (Postfix) with ESMTP id 8630121F852C for <jose@ietf.org>; Thu, 7 Feb 2013 12:26:32 -0800 (PST)
Received: by mail-ob0-f173.google.com with SMTP id dn14so3192642obc.18 for <jose@ietf.org>; Thu, 07 Feb 2013 12:26:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=ankwyBaf8aYCYKaR0tcIvTPyOCNDbJZhBvWnwzlXng8=; b=p6ZMgkkA+vqz+FqVVGun/XTRVwRKI9KBvB9dExpR2xKBYokWKMGiJW1mVpInJLa0La YG6Wuodf1QM7+r/XMocnLwzY7efjDDonWxZ/joUwZt+dc9qBvYY8SqmfmTE+Bbg4X/HM SUvQo7stJllXgvFkbCShuvDtHbNmaSNf0HkKj3zDd/EdisYGDhBT5PSvbrfsiglXEGC4 XFOi4xOfwM5jvoAsXAeXkP9oKrrx0WZWmalPvX2httytSWv2sfkSi5ZZ4ZQpxWU0ldIA Zrpf9jyLxKNZ3Iqa6jP+2+AqbE0NR4XdsdQyyOGjiSe3Zn31Uq1a0AOxHUFiatSKd2sK xBbQ==
X-Received: by 10.60.169.203 with SMTP id ag11mr2201505oec.124.1360268791447; Thu, 07 Feb 2013 12:26:31 -0800 (PST)
MIME-Version: 1.0
Sender: djc.ochtman@gmail.com
Received: by 10.76.90.73 with HTTP; Thu, 7 Feb 2013 12:26:11 -0800 (PST)
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E11506FD2258@WSMSG3153V.srv.dir.telstra.com>
References: <510FCA42.5000704@isoc.org> <CABzCy2BjRfCFum7fiALTkTMN2aHA3Enq6CNKn8BnsH4XQh28Ug@mail.gmail.com> <CAL02cgQPT8qz2s3w+weWCvWVSSJ==DtVBHGpE=tqhs9LJWxymQ@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E11506FD2258@WSMSG3153V.srv.dir.telstra.com>
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Thu, 07 Feb 2013 21:26:11 +0100
X-Google-Sender-Auth: ZHHeTYDMoqF0OjR9FR314Bj4IYo
Message-ID: <CAKmKYaAOSsei=s9XF3GrkeHVBrpnk_SwG9GLE1=fbcoGb0Yj2g@mail.gmail.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2013 20:26:33 -0000
I'll second James' vote: 1. NO 2. NO 3. C -- one critical field; the definition of each value for this field implies what else you need to understand; if you want to add a new field that MUST be understood, just use a new value for the one critical field. Cheers, Dirkjan On Thu, Feb 7, 2013 at 12:04 PM, Manger, James H <James.H.Manger@team.telstra.com> wrote: > 1. NO > > 2. NO > > 3. C -- one critical field; the definition of each value for this field > implies what else you need to understand; if you want to add a new field > that MUST be understood, just use a new value for the one critical field. > > > > > > I second Richard's comment about YES to 2. > > What would a JOSE library API look like if all fields MUST be understood by > “the system”? Does the “top” layer tell the library what it understands; > does the library return a list of unrecognized fields? > > > > -- > > James Manger > > > > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Richard Barnes > Sent: Thursday, 7 February 2013 6:02 AM > To: odonoghue@isoc.org; jose@ietf.org > > > Subject: Re: [jose] POLL(s): header criticality > > > > tl;dr: > > FIRST POLL: NO > SECOND POLL: NO > THIRD POLL: B > > Further notes: > > On SECOND POLL: Voting "Yes" on the SECOND POLL is equivalent to voting "NO" > on the FIRST POLL. If the requirement isn't placed on any particular > element of the system, then nobody will implement it, and there will be no > control. > > On THIRD POLL: I don't care all that much about the specific syntax, but I > have a strong preference that these non-critical fields be excluded from the > integrity check that is applied to the header. So I would prefer something > like what Dick suggested, but encoded as a separate element of a JW* object. > As Breno notes, this can be done in a backwards compatible way. (I voted > "B" because I understood "A" to imply something like Mike's earlier > proposal, which would have just had a list of field names.) > > In any case, I would encourage the chairs to focus on the first poll, and > view any results in the second and third as informative for further > discussion of wording or syntax. > > > > > > On Wed, Feb 6, 2013 at 1:47 PM, Nat Sakimura <sakimura@gmail.com> wrote: > > FIRST POLL: NO > > SECOND POLL: YES > THIRD POLL: A > > > > 2013/2/4 Karen O'Donoghue <odonoghue@isoc.org> > > Folks, > > I am wrestling with how to help drive consensus on the topic of criticality > of headers. For background, please review the current specification text, > the minutes to the Atlanta meeting (IETF85), and the mailing list > (especially the discussion in December with (Subj: Whether implementations > must understand all JOSE header fields)). We need to come to closure on this > issue in order to progress the specifications. > > As a tool to gather further information on determining a way forward, the > following polls have been created. Please respond before 11 February 2013. > > Thanks, > Karen > > ******************* > FIRST POLL: Should all header fields be critical for implementations to > understand? > > YES – All header fields must continue to be understood by implementations or > the input must be rejected. > > NO – A means of listing that specific header fields may be safely ignored > should be defined. > > ******************** > SECOND POLL: Should the result of the first poll be "YES", should text like > the following be added? “Implementation Note: The requirement to understand > all header fields is a requirement on the system as a whole – not on any > particular level of library software. For instance, a JOSE library could > process the headers that it understands and then leave the processing of the > rest of them up to the application. For those headers that the JOSE library > didn’t understand, the responsibility for fulfilling the ‘MUST understand’ > requirement for the remaining headers would then fall to the application.” > > YES – Add the text clarifying that the “MUST understand” requirement is a > requirement on the system as a whole – not specifically on JOSE libraries. > > NO – Don’t add the clarifying text. > > ************************ > THIRD POLL: Should the result of the first poll be "NO", which syntax would > you prefer for designating the header fields that may be ignored if not > understood? > > A – Define a header field that explicitly lists the fields that may be > safely ignored if not understood. > > B – Introduce a second header, where implementations must understand all > fields in the first but they may ignore not-understood fields in the second. > > C - Other??? (Please specify in detail.) > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > > > > -- > Nat Sakimura (=nat) > > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- Re: [jose] POLL(s): header criticality Edmund Jay
- [jose] POLL(s): header criticality Karen O'Donoghue
- Re: [jose] POLL(s): header criticality Anthony Nadalin
- Re: [jose] POLL(s): header criticality John Bradley
- Re: [jose] POLL(s): header criticality Matt Miller (mamille2)
- Re: [jose] POLL(s): header criticality Mike Jones
- Re: [jose] POLL(s): header criticality Dick Hardt
- Re: [jose] POLL(s): header criticality Breno de Medeiros
- Re: [jose] POLL(s): header criticality Breno de Medeiros
- Re: [jose] POLL(s): header criticality George Fletcher
- Re: [jose] POLL(s): header criticality Dick Hardt
- Re: [jose] POLL(s): header criticality sebastien.brault
- Re: [jose] POLL(s): header criticality Mike Jones
- Re: [jose] POLL(s): header criticality Brian Campbell
- Re: [jose] POLL(s): header criticality Nat Sakimura
- Re: [jose] POLL(s): header criticality Richard Barnes
- Re: [jose] POLL(s): header criticality Eric Rescorla
- Re: [jose] POLL(s): header criticality Peter Yee
- Re: [jose] POLL(s): header criticality Axel.Nennker
- Re: [jose] POLL(s): header criticality hideki nara
- Re: [jose] POLL(s): header criticality Ryo Ito
- Re: [jose] POLL(s): header criticality Hannes Tschofenig
- Re: [jose] POLL(s): header criticality Roland Hedberg
- Re: [jose] POLL(s): header criticality Mike Jones
- Re: [jose] POLL(s): header criticality charles.marais@orange.com
- Re: [jose] POLL(s): header criticality Hannes Tschofenig
- Re: [jose] POLL(s): header criticality Casper Biering
- Re: [jose] POLL(s): header criticality Manger, James H
- Re: [jose] POLL(s): header criticality Stephen Kent
- Re: [jose] POLL(s): header criticality Dirkjan Ochtman
- Re: [jose] POLL(s): header criticality Mike Jones
- Re: [jose] POLL(s): header criticality Richard Barnes
- Re: [jose] POLL(s): header criticality Mike Jones
- Re: [jose] POLL(s): header criticality Hannes Tschofenig
- Re: [jose] POLL(s): header criticality nov matake
- Re: [jose] POLL(s): header criticality Andreas Åkre Solberg
- Re: [jose] POLL(s): header criticality Prateek Mishra
- Re: [jose] POLL(s): header criticality Richard Barnes
- Re: [jose] POLL(s): header criticality Salvatore D'Agostino
- Re: [jose] POLL(s): header criticality Chuck Mortimore
- Re: [jose] POLL(s): header criticality Torsten Lodderstedt
- Re: [jose] POLL(s): header criticality Russ Housley
- Re: [jose] POLL(s): header criticality Vladimir Dzhuvinov / NimbusDS
- Re: [jose] POLL(s): header criticality Stephen Kent
- Re: [jose] POLL(s): header criticality HAYASHI, Tatsuya