IETF Logo Mail Archive

Re: [jose] Proposal about the SPI proposal

Edmund Jay <ejay@mgi1.com> Tue, 12 February 2013 00:29 UTC

Return-Path: <edmundjay@sbcglobal.net>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 126A321F87DF for <jose@ietfa.amsl.com>; Mon, 11 Feb 2013 16:29:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.522
X-Spam-Level:
X-Spam-Status: No, score=-2.522 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcUjCLvT5PDt for <jose@ietfa.amsl.com>; Mon, 11 Feb 2013 16:29:45 -0800 (PST)
Received: from nm3-vm0.access.bullet.mail.mud.yahoo.com (nm3-vm0.access.bullet.mail.mud.yahoo.com [66.94.237.136]) by ietfa.amsl.com (Postfix) with ESMTP id 6F99F21F87D2 for <jose@ietf.org>; Mon, 11 Feb 2013 16:29:45 -0800 (PST)
Received: from [66.94.237.193] by nm3.access.bullet.mail.mud.yahoo.com with NNFMP; 12 Feb 2013 00:29:45 -0000
Received: from [66.94.237.103] by tm4.access.bullet.mail.mud.yahoo.com with NNFMP; 12 Feb 2013 00:29:45 -0000
Received: from [127.0.0.1] by omp1008.access.mail.mud.yahoo.com with NNFMP; 12 Feb 2013 00:29:45 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 115792.25399.bm@omp1008.access.mail.mud.yahoo.com
Received: (qmail 83298 invoked by uid 60001); 12 Feb 2013 00:29:44 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1360628984; bh=mEEN5cSRgFcpYps7B9u37Nt3qzqsbPB5ibIY0puN8Ug=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=nVdRrgHaQgnu4K+HR4dRJRL92l77E9wSWmNyK0CrRx5Ev9z0dR/vFpIUKHSXxpwcBPAqCtccE64g9WRfKfI0GmK1gKF1P3pigEiv12/QBmcAS96cj/w3zAYlOCFhCwnxJ7gItJfVZULRjojtutwzbMTxTUrHzBjByofJLoplygI=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=HFD5EZYm2iER1xs3L7mmot5EH2WcxZnwh9lYaCbCqo3agN9wM6UuNSdYd4pCf4zqlqEyRdbjAoDV56zi6LzgBsS4tnG1uYoym2B1zjnk57B7D47UaaqU5lySnz3iJ2aXfUThsRpAdaZEcFum5MBk9QCgh8EuauP/JQWCUqapjjc=;
X-YMail-OSG: 8nOm1LUVM1l.ysZtzV1uPXFGLnOYmXpHUifIN.6Upv9gMHJ oPx60Y3pvRX03iUyy3zw4wU_uPmm47ZqDe89cuOIV6MfoyqhN2yAWMiXQVbo .uCEE4etKvucOqlKtt3am.GPsuBwSvFD7Hyz7CccqLpKsLpxSxhKTJbmf1Rt 1kVFWwHN5DKmCRRj7OPqgyK1w8k0MVEdNzoPWzZELy_dcm1NJA3cXb2XBQeR 5qOMsclNtYOuxhc7Xc7p1gZfnEJlmPFCq0E2zwOomkVOVUTbFU4tfgSsqd84 zD3NQtdtd_IjXHQNxLJXwLWxh_Q2keXNrgxx8V9o_i_cDqNQrti0KYnsaSYi JvLFQVc_C1jlO9LJH_w7ibGn.dbGuNWwFOFFZ_UZZkJh40U3kd1wCHh1YG02 i3NC_cb0mkCb78XmrHNKYVpvv.fzPFPUl98v3Dg1ebTYFWbiHL.K0OtjBumC zLEbHbVgyp6ypF.eBBctZJwgEH9XDdVivxVL27swwzcAoGhvWsY_cJi5JrbR oFY0Qbnd01kQADg--
Received: from [70.36.254.158] by web184403.mail.bf1.yahoo.com via HTTP; Mon, 11 Feb 2013 16:29:44 PST
X-Rocket-MIMEInfo: 001.001, KzEgZm9yIG5ldyBJLUQuCgoKCgoKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkZyb206IEJyaWFuIENhbXBiZWxsIDxiY2FtcGJlbGxAcGluZ2lkZW50aXR5LmNvbT4KVG86ICJqb3NlQGlldGYub3JnIiA8am9zZUBpZXRmLm9yZz4KU2VudDogRnJpLCBGZWJydWFyeSA4LCAyMDEzIDM6MDE6NTEgUE0KU3ViamVjdDogW2pvc2VdIFByb3Bvc2FsIGFib3V0IHRoZSBTUEkgcHJvcG9zYWwKCgpNYXliZSB0aGlzIHdhcyBhcHBhcmVudCBmcm9tIG15IGNvbW1lbnRzL3F1ZXN0aW9ucyBvbiB0aGUgU1ABMAEBAQE-
X-RocketYMMF: edmundjay@sbcglobal.net
X-Mailer: YahooMailRC/718 YahooMailWebService/0.8.133.508
References: <CA+k3eCTo_=P_SQCG_ypiksVb-bfjuJ4Q9vt4r10wpuKPbFUWBg@mail.gmail.com>
Message-ID: <1360628984.83146.YahooMailRC@web184403.mail.bf1.yahoo.com>
Date: Mon, 11 Feb 2013 16:29:44 -0800
From: Edmund Jay <ejay@mgi1.com>
To: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>
In-Reply-To: <CA+k3eCTo_=P_SQCG_ypiksVb-bfjuJ4Q9vt4r10wpuKPbFUWBg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-6906265-962908578-1360628984=:83146"
Subject: Re: [jose] Proposal about the SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2013 00:29:46 -0000

+1 for new I-D.






________________________________
From: Brian Campbell <bcampbell@pingidentity.com>
To: "jose@ietf.org" <jose@ietf.org>
Sent: Fri, February 8, 2013 3:01:51 PM
Subject: [jose] Proposal about the SPI proposal


Maybe this was apparent from my comments/questions on the SPI proposal over the 
last couple days[1] but I have concerns that run the gamut from operational 
complexity and fragility to security problems. I believe strongly that, without 
considerably more analysis and specification detail, the current SPI work is 
much too risky to consider go in the current base JOSE WG drafts.

As an alternative I'd like to request/propose that the SPI stuff be submitted as 
new I-D to help facilitate that additional discussion and analysis that I think 
it needs.


Thanks,
Brian


[1] http://www.ietf.org/mail-archive/web/jose/current/msg01500.html

v2.23.0 | Report a Bug | By Email