Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)

"Jim Schaad" <ietf@augustcellars.com> Sat, 18 October 2014 23:25 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Pete Resnick' <presnick@qti.qualcomm.com>, 'The IESG' <iesg@ietf.org>
Date: Sat, 18 Oct 2014 16:23:11 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/ERsjVUD6xzP7EDKk0Y3GjxJjTEE
Cc: jose-chairs@tools.ietf.org, jose@ietf.org, draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>


> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Tuesday, October 14, 2014 5:46 AM
> To: Pete Resnick; The IESG
> Cc: jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org
> Subject: RE: Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
> 
> > -----Original Message-----
> > From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
> > Sent: Saturday, October 04, 2014 6:58 PM
> > To: Pete Resnick; The IESG
> > Cc: jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org
> > Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
> >
> > Thanks for your review, Pete.  I've added the working group to the thread.
> > Replies are inline below...
> >
> > > -----Original Message-----
> > > From: Pete Resnick [mailto:presnick@qti.qualcomm.com]
> > > Sent: Wednesday, October 01, 2014 9:14 PM
> > > To: The IESG
> > > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org
> > > Subject: Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
> > >
> > > ----------------------------------------------------------------------
> > > COMMENT:
> > > ----------------------------------------------------------------------
> > >
> > > 3.2:
> > >
> > >    In the JWS JSON Serialization, a JWS object is represented as the
> > >    combination of these four values,
> > >       BASE64URL(UTF8(JWS Protected Header)),
> > >       JWS Unprotected Header,
> > >       BASE64URL(JWS Payload), and
> > >       BASE64URL(JWS Signature)
> > >
> > > Why is the Payload (a) part of the serialization and (b) base64ed?
> > > Are you saying that the only way I can use JWS is to include the
> > > payload as part of the JOSE object? Why can't it be a separate
> > > thing? Also, why does it have to be base64ed?
> > > It could be a UTF-8 string, or it could be a large binary object
> > > that I'm using in a non-JSON context, neither of which I want to
> > > bloat by base64ing it. This seems bogus.
> >
> > It is base64url encoded because JSON has no way of representing
> > arbitrary octet sequences.  This enables the "binary object" case that
> > you're describing to work.
> > Also note that this was extensively discussed by the working group in
> > the context of issue #26 http://trac.tools.ietf.org/wg/jose/trac/ticket/26.

Pete, would a pointer to Appendix F at some point be useful?  This describes how to do detached content.
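As an added illustration of the two points in this exchange (not code from the draft or from anyone on the thread): the payload is base64url-encoded so that arbitrary octets fit inside JSON, and the JWS Signing Input still covers BASE64URL(JWS Payload) when the payload is carried outside the object, the detached-content case of Appendix F, so the same signature verifies either way. It uses the general JWS JSON Serialization with a single HS256 signature; the key and the "kid" value are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url(data: bytes) -> str:
    """BASE64URL as JWS defines it: URL-safe alphabet, '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(key: bytes, signing_input: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def jws_json_serialize(protected: dict, unprotected: dict, payload: bytes,
                       key: bytes, detached: bool = False) -> dict:
    """General JWS JSON Serialization with one HS256 signature.
    Signing input is BASE64URL(UTF8(protected)) '.' BASE64URL(payload) whether
    or not the payload member is present, so detaching does not alter it."""
    protected_b64 = b64url(json.dumps(protected, separators=(",", ":")).encode("utf-8"))
    payload_b64 = b64url(payload)  # arbitrary octets become a JSON-safe string
    signature = hs256(key, f"{protected_b64}.{payload_b64}".encode("ascii"))
    obj = {"signatures": [{"protected": protected_b64,
                           "header": unprotected,  # JWS Unprotected Header
                           "signature": b64url(signature)}]}
    if not detached:
        obj["payload"] = payload_b64  # omitted in the detached form
    return obj


def jws_verify(obj: dict, key: bytes, detached_payload: Optional[bytes] = None) -> Optional[bytes]:
    """Return the payload octets if the HS256 signature verifies, else None.
    A detached payload arrives out of band and is re-encoded with BASE64URL
    to rebuild the exact signing input the signer used."""
    if "payload" in obj:
        payload = b64url_decode(obj["payload"])
    elif detached_payload is not None:
        payload = detached_payload
    else:
        return None
    sig = obj["signatures"][0]
    signing_input = f"{sig['protected']}.{b64url(payload)}".encode("ascii")
    if not hmac.compare_digest(hs256(key, signing_input), b64url_decode(sig["signature"])):
        return None
    return payload
```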