Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

Richard Barnes <rlb@ipv.sx> Mon, 15 April 2013 18:22 UTC


The "switch" does have to be a JOSE protocol element, because the JOSE
protocol logic has to be self-contained.
--Richard



On Mon, Apr 15, 2013 at 1:44 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> Use of “spi” is one such possible “switch”.  Use of the OAuth Dynamic
> Client Registration specification to obtain keys or key references is
> another.  Other applications may choose to exchange the keys other ways.
>
> The “switch” doesn’t have to be a JOSE protocol element.  Although you
> could consider the lack of a key indicator in the JOSE header to be a clear
> indication in the JOSE protocol elements that the switch has been thrown,
> meaning that it’s up to the application to use its logic to determine
> which key(s) to use – which is a normal use case.
>
> -- Mike
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of* Richard Barnes
> *Sent:* Monday, April 15, 2013 10:37 AM
> *To:* odonoghue@isoc.org
> *Cc:* jose@ietf.org
> *Subject:* Re: [jose] Feedback request on jose tracker issue #8: Should
> we add a "spi" header field?
>
> 2 or 3
>
> All of the "1" responses are missing the point of SPI -- if you want to be
> able to omit fields (as people seem to want to do), then you need a switch
> to turn off "stand-alone mode".
>
> So responding "1" here is the same as responding "1" on the ISSUE-15 poll,
> that at least one key indicator MUST be present.
>
> On Thu, Apr 11, 2013 at 7:58 PM, Karen O'Donoghue <odonoghue@isoc.org>
> wrote:
>
> Issue #8 http://trac.tools.ietf.org/wg/jose/trac/ticket/8 proposes adding
> an “spi” (security parameters index) header parameter to the JWS and JWE
> specifications.  This modification to the JOSE formats would allow for
> signaling that pre-negotiated cryptographic parameters are being used,
> rather than including those parameters in the JWS or JWE header.  This
> proposal has been written up as
> http://tools.ietf.org/html/draft-barnes-jose-spi-00.
>
> Which of these best describes your preferences on this issue?
>
> 1.  Have draft-barnes-jose-spi remain a separate specification that could
> optionally also be supported by JWS and JWE implementations.
>
> 2.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications
> as a mandatory feature.
>
> 3.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications
> as an optional feature.
>
> 4.  Another resolution (please specify in detail).
>
> 0.  I need more information to decide.
>
> Your reply is requested by Friday, April 19th or earlier.
>
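
An added example, not part of this thread and not code from draft-barnes-jose-spi: a header check that separates the three cases under discussion (key indicator present, "spi" present, neither) and makes the "switch" explicit. The table layout, the function names, the `allow_app_default` flag and the rule that a header may not contradict pre-negotiated values are assumptions made for illustration.

```python
import base64
import json

# Key-indicator header parameters used in JWS/JWE headers.
KEY_INDICATORS = {"jwk", "jku", "kid", "x5u", "x5c", "x5t"}

# Constructed sample: parameters agreed out of band, indexed by "spi" value.
SPI_TABLE = {"spi-example-1": {"alg": "HS256", "kid": "shared-key-7"}}


def encode_header(header):
    """Serialize a header dict as an unpadded base64url segment."""
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_header(segment):
    """Decode an unpadded base64url header segment into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def resolve_parameters(header, spi_table, allow_app_default=False):
    """Return (mode, effective_parameters) or raise ValueError.

    mode is "spi", "stand-alone" or "application".
    """
    if "spi" in header:
        negotiated = spi_table.get(header["spi"])
        if negotiated is None:
            raise ValueError("unknown spi value")
        # Assumption: in-band values must not override what was negotiated,
        # otherwise a sender could swap the algorithm for an agreed key.
        clashes = [k for k in negotiated
                   if k in header and header[k] != negotiated[k]]
        if clashes:
            raise ValueError("header contradicts negotiated: %s" % clashes)
        return "spi", {**negotiated, **header}
    if KEY_INDICATORS & header.keys():
        return "stand-alone", dict(header)
    # Neither a key indicator nor "spi": the strict reading rejects the
    # object; the permissive reading leaves key selection to the application.
    if allow_app_default:
        return "application", dict(header)
    raise ValueError("no key indicator and no spi in header")
```
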