Re: [jose] Ted Lemon's No Objection on draft-ietf-jose-json-web-key-33: (with COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Sat, 10 January 2015 04:53 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACCAD1A802F; Fri, 9 Jan 2015 20:53:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.301
X-Spam-Level:
X-Spam-Status: No, score=-1.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_57=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zNzja6STWS3; Fri, 9 Jan 2015 20:52:57 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0122.outbound.protection.outlook.com [65.55.169.122]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D8C81A1B76; Fri, 9 Jan 2015 20:52:56 -0800 (PST)
Received: from BY1PR0301MB1207.namprd03.prod.outlook.com (25.161.203.156) by BY1PR0301MB1301.namprd03.prod.outlook.com (25.161.206.150) with Microsoft SMTP Server (TLS) id 15.1.49.12; Sat, 10 Jan 2015 04:52:54 +0000
Received: from CO2PR03CA0013.namprd03.prod.outlook.com (10.141.194.140) by BY1PR0301MB1207.namprd03.prod.outlook.com (25.161.203.156) with Microsoft SMTP Server (TLS) id 15.1.53.17; Sat, 10 Jan 2015 04:52:52 +0000
Received: from BN1BFFO11FD026.protection.gbl (2a01:111:f400:7c10::1:174) by CO2PR03CA0013.outlook.office365.com (2a01:111:e400:1414::12) with Microsoft SMTP Server (TLS) id 15.1.53.17 via Frontend Transport; Sat, 10 Jan 2015 04:52:52 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD026.mail.protection.outlook.com (10.58.144.89) with Microsoft SMTP Server (TLS) id 15.1.49.13 via Frontend Transport; Sat, 10 Jan 2015 04:52:51 +0000
Received: from TK5EX14MBXC287.redmond.corp.microsoft.com ([169.254.2.242]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.03.0210.003; Sat, 10 Jan 2015 04:52:27 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Ted Lemon (Ted.Lemon@nominum.com)" <Ted.Lemon@nominum.com>
Thread-Topic: Re: Ted Lemon's No Objection on draft-ietf-jose-json-web-key-33: (with COMMENT)
Thread-Index: AdAskTP4mVcykdmaTJmDDK+v7+X3dQ==
Date: Sat, 10 Jan 2015 04:52:26 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BC633F2@TK5EX14MBXC287.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BC633F2TK5EX14MBXC287r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377424004)(189002)(199003)(15975445007)(68736005)(102836002)(19300405004)(230783001)(19580395003)(77156002)(64706001)(84326002)(87936001)(110136001)(62966003)(46102003)(92566002)(66066001)(86612001)(2930100002)(2900100001)(512954002)(19617315012)(104016003)(86362001)(55846006)(19625215002)(97736003)(2920100001)(69596002)(81156004)(106466001)(16236675004)(6806004)(26826002)(54356999)(33656002)(50986999)(2656002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1207; H:mail.microsoft.com; FPR:; SPF:Pass; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-DmarcStatus-Test: Passed
X-DmarcAction-Test: None
X-Microsoft-Antispam: UriScan:;UriScan:;
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(3003003)(3005003); SRVR:BY1PR0301MB1207;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004); SRVR:BY1PR0301MB1207;
X-Forefront-PRVS: 0452022BE1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BY1PR0301MB1207;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2015 04:52:51.5923 (UTC)
X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47; Ip=[131.107.125.37]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0301MB1207
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1301;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/EwpbWMh4vG8CGfeMAGsN_LIumaw>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Ted Lemon's No Objection on draft-ietf-jose-json-web-key-33: (with COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jan 2015 04:53:00 -0000
Hi Ted, In reviewing the JOSE drafts in preparation for them being approved, I was looking at https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-key/ballot/#ted-lemon and saw that you'd filed a NO OBJECTION ballot (with COMMENT) that for some reason wasn't delivered to my e-mail. Since I hasn't seen it until today, I hadn't previously responded. My apologies! Your comment was: Comment (2014-10-02 for -33) I'm not sure whether I need to complain about this, but the following seems underspecified: UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation of STRING. ASCII(STRING) denotes the octets of the ASCII [USASCII] representation of STRING. The issue is that we don't know what STRING is. Is it 32-bit unicode? Is it ASCII? What does it mean to have ASCII(unicode string)? Is ASCII(STRING) an assertion that STRING is representable as ASCII? These are fair questions. The STRING in this notation is always a sequence of characters with an unspecified representation. The notations UTF8(STRING) and ASCII(STRING) are used to represent the character string as an octet sequence with a particular character encoding. You're right that ASCII(Unicode string) isn't meaningful in the general case; it's only used when the character set of STRING is constrained to containing only ASCII characters. I suppose that you're right you could think of ASCII(STRING) as an assertion that STRING is representable in ASCII, but it means more than that; it specifies a particular octet sequence that represents those characters. For instance, while both ASCII("Abc") and UTF8("Abc") result in the octet sequence [65, 98, 99], if we were to have a related UTF16BitEndian() function (which we don't), UTF16BitEndian("Abc") would represent the octet sequence [0, 65, 0, 98, 0, 99] and EBCDIC("Abc") would represent the octet sequence [193, 130, 131]. But now I'm off into esoterica... ;-) Back to the topic at hand, the notation UTF8(STRING) was adopted to replace the much more verbose notation "the octets of the UTF-8 representation of STRING" which used to appear repeatedly throughout the drafts and in particular, the notation BASE64URL(UTF-8(STRING)) replaces the also previously very common notation "the Base64url encoding of the octets of the UTF-8 representation of STRING". This was an improvement suggested by Jim Schaad in one of his review comments. If you think that the current notation is unclear, we should sort out how to clarify it. The best I've come up with is to add the phrase ", where STRING is a sequence of zero or more Unicode characters" to these definitions. (The language "sequence of zero or more Unicode characters" comes from the introduction to RFC 7159.) Do you think that would address your questions, or do you have an alternate suggestion? Sorry again for you not receiving a reply to this until now! Best wishes, -- Mike
- Re: [jose] Ted Lemon's No Objection on draft-ietf… Mike Jones
- Re: [jose] Ted Lemon's No Objection on draft-ietf… Ted Lemon
- Re: [jose] Ted Lemon's No Objection on draft-ietf… Mike Jones
- Re: [jose] Ted Lemon's No Objection on draft-ietf… Mike Jones
- Re: [jose] Ted Lemon's No Objection on draft-ietf… Ted Lemon