Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
"Jim Schaad" <ietf@augustcellars.com> Sat, 18 October 2014 23:25 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 448A61A1A0F; Sat, 18 Oct 2014 16:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nANBn1AtdTWl; Sat, 18 Oct 2014 16:25:52 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9B621A19F8; Sat, 18 Oct 2014 16:25:52 -0700 (PDT)
Received: from Philemon (unknown [50.38.74.159]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 87CD02CA0E; Sat, 18 Oct 2014 16:25:51 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Pete Resnick' <presnick@qti.qualcomm.com>, 'The IESG' <iesg@ietf.org>
References: <4E1F6AAD24975D4BA5B16804296739439BB0D2FD@TK5EX14MBXC286.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BB0D2FD@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Sat, 18 Oct 2014 16:23:11 -0700
Message-ID: <00e101cfeb2a$7dea61e0$79bf25a0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIN4qKG8ObNxyuxAaR8KjLXkn4lRJu6enJg
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/ERsjVUD6xzP7EDKk0Y3GjxJjTEE
Cc: jose-chairs@tools.ietf.org, jose@ietf.org, draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Oct 2014 23:25:55 -0000
> -----Original Message----- > From: Mike Jones [mailto:Michael.Jones@microsoft.com] > Sent: Tuesday, October 14, 2014 5:46 AM > To: Pete Resnick; The IESG > Cc: jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web- > signature@tools.ietf.org > Subject: RE: Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: > (with DISCUSS and COMMENT) > > > -----Original Message----- > > From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones > > Sent: Saturday, October 04, 2014 6:58 PM > > To: Pete Resnick; The IESG > > Cc: jose-chairs@tools.ietf.org; jose@ietf.org; > > draft-ietf-jose-json-web- signature@tools.ietf.org > > Subject: Re: [jose] Pete Resnick's Discuss on > > draft-ietf-jose-json-web-signature- > > 33: (with DISCUSS and COMMENT) > > > > Thanks for your review, Pete. I've added the working group to the thread. > > Replies are inline below... > > > > > -----Original Message----- > > > From: Pete Resnick [mailto:presnick@qti.qualcomm.com] > > > Sent: Wednesday, October 01, 2014 9:14 PM > > > To: The IESG > > > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web- > > > signature@tools.ietf.org > > > Subject: Pete Resnick's Discuss on > > > draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT) > > > > > > -------------------------------------------------------------------- > > > -- > > > COMMENT: > > > -------------------------------------------------------------------- > > > -- > > > > > > 3.2: > > > > > > In the JWS JSON Serialization, a JWS object is represented as the > > > combination of these four values, > > > BASE64URL(UTF8(JWS Protected Header)), > > > JWS Unprotected Header, > > > BASE64URL(JWS Payload), and > > > BASE64URL(JWS Signature) > > > > > > Why is the Payload (a) part of the serialization and (b) base64ed? > > > Are you saying that the only way I can use JWS is to include the > > > payload as part of the JOSE object? Why can't it be a separate > > > thing? Also, why does it > > have to be base64ed? > > > It could be a UTF-8 string, or it could be a large binary object > > > that I'm using in a non-JSON context, neither of which I want to > > > bloat by base64ing it. This seems bogus. > > > > It is base64url encoded because JSON has no way of representing > > arbitrary octet sequences. This enables the "binary object" case that > you're describing to work. > > Also note that this was extensively discussed by the working group in > > the context of issue #26 http://trac.tools.ietf.org/wg/jose/trac/ticket/26. Pete, would a pointer to Appendix F at some point be useful? This describes how to do detached content.
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Kathleen Moriarty
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Pete Resnick
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Kathleen Moriarty
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Pete Resnick
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… John Bradley
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones