Re: [jose] Opsdir review of draft-ietf-jose-jwk-thumbprint-05

Mike Jones <Michael.Jones@microsoft.com> Tue, 23 June 2015 19:51 UTC

To: Sarah Banks <sbanks@encrypted.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/E4C0koykej10JWQPur2v9Qd2Wtg>
Cc: "<ops-dir@ietf.org>" <ops-dir@ietf.org>, "draft-ietf-jose-jwk-thumbprint.all@tools.ietf.org" <draft-ietf-jose-jwk-thumbprint.all@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>

Thanks, Sarah.  Here's the output of the tool and responses to it:

  -- Looks like a reference, but probably isn't: '1' on line 413

  -- Looks like a reference, but probably isn't: '0' on line 413

  == Missing Reference: 'specified ' is mentioned on line 412, but not defined

The lines referenced by the output above are:
411        [JWA].)  For example, if an RSA key were to use "e":"AAEAAQ"
412        (representing [0, 1, 0, 1]) rather than the specified correct
413        representation of "e":"AQAB" (representing [1, 0, 1]), a different

All of these three nits are false positives in the tool output.

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'UNICODE'

It's appropriate for both of these references to be normative, for the same reasons that they are in http://tools.ietf.org/html/rfc7518#section-10.1.

Also, about whether the draft is standards-track or informational, this was discussed by the working group and because it's being normatively referenced by other specs, the decision was to leave it standards-track.

                                                            Best wishes,
                                                            -- Mike
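
The draft lines quoted above turn on one point: a thumbprint is a hash over the key's textual members, so "AAEAAQ" and "AQAB" hash differently even though both decode to the integer 65537. The following is an added example, not part of this thread or of the draft's text; it assumes SHA-256, uses a constructed placeholder modulus, and the helper names are hypothetical.

```python
import base64
import hashlib
import json

# Members that feed the thumbprint, per key type; all other members are ignored.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def thumbprint(jwk):
    """Hash the required members only: sorted names, no whitespace, UTF-8."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode("utf-8")).digest())

def is_minimal_uint(value):
    """True if value is the shortest big-endian encoding (no leading zero octets)."""
    raw = b64url_decode(value)
    no_leading_zero = len(raw) > 0 and (raw[0] != 0 or len(raw) == 1)
    return no_leading_zero and b64url_encode(raw) == value

def normalize_uint(value):
    """Strip leading zero octets and re-encode; zero itself stays one octet."""
    raw = b64url_decode(value).lstrip(b"\x00") or b"\x00"
    return b64url_encode(raw)

# Constructed sample keys: "n" is a placeholder byte string, not a real modulus.
N = b64url_encode(bytes(range(1, 33)))
GOOD = {"kty": "RSA", "n": N, "e": "AQAB"}    # [1, 0, 1]
BAD = {"kty": "RSA", "n": N, "e": "AAEAAQ"}   # [0, 1, 0, 1], same integer

def check_key(jwk):
    """Names of RSA integer members that are not in minimal form."""
    return [m for m in ("n", "e") if not is_minimal_uint(jwk[m])]

if __name__ == "__main__":
    for label, key in (("good", GOOD), ("bad", BAD)):
        print(label, thumbprint(key), "non-minimal:", check_key(key))
    fixed = dict(BAD, e=normalize_uint(BAD["e"]))
    print("normalized matches good:", thumbprint(fixed) == thumbprint(GOOD))
```

A receiver that compares thumbprints should run a check like check_key before hashing, otherwise the same key can appear under two different identifiers.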

From: Sarah Banks [mailto:sbanks@encrypted.net]
Sent: Tuesday, June 23, 2015 12:30 PM
To: Mike Jones
Cc: draft-ietf-jose-jwk-thumbprint.all@tools.ietf.org; <ops-dir@ietf.org>; jose@ietf.org
Subject: Re: Opsdir review of draft-ietf-jose-jwk-thumbprint-05

Hey Mike, they were from the nits checker within tools, and click on the "nits" button. Here's the (long) URL to it from my browser:

https://www.ietf.org/tools/idnits?url=https://www.ietf.org/archive/id/draft-ietf-jose-jwk-thumbprint-05.txt

Thanks
Sarah

On Jun 23, 2015, at 11:43 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:

Thanks for the review, Sarah.  Could you send us a link to the review comments in the tools?  (I poked around, including at https://svn.tools.ietf.org/area/ops/trac/wiki/Directorates, and couldn't find the review comments.)

                                                Thanks,
                                                -- Mike

-----Original Message-----
From: Sarah Banks [mailto:sbanks@encrypted.net]
Sent: Tuesday, June 23, 2015 11:36 AM
To: draft-ietf-jose-jwk-thumbprint.all@tools.ietf.org; <ops-dir@ietf.org>
Subject: Opsdir review of draft-ietf-jose-jwk-thumbprint-05

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

Document reviewed:  draft-ietf-jose-jwk-thumbprint-05

Summary: Ready to go, no nits, 5 comments (see tools).

Overall, if I were implementing this in code, I'd appreciate the preamble, thanks for the clear description. I also appreciate that the security section was well considered and discussed. I have no major comments, other than that it read like .. an algorithm to me, and I was a bit surprised to see it on the Standards track, rather than informational, but that's just a comment, not a nit or problem. The draft is ready to go.

Thanks
Sarah