Re: [jose] DISCUSS: Nonce/Timestamp parameter
Justin Richer <jricher@mitre.org> Mon, 27 August 2012 15:00 UTC
How is "issued at" not a timestamp?

 -- Justin

On 08/24/2012 07:02 PM, Mike Jones wrote:
> I'll note for discussion purposes that a nonce and a timestamp are not the same thing (although sometimes they are used to achieve similar/related goals). A nonce tends to be an opaque value that must be preserved across the communication. Whereas a timestamp typically has defined semantics - sometimes simply a non-decreasing integer value - and sometimes a representation of time, and then, sometimes with a uniqueness requirement.
>
> For discussion purposes, I'll say that the simplest thing for us to do (should we decide to do anything in this regard) would be to define the nonce as an opaque string value that must be preserved.
>
> We could also define a timestamp parameter, but as I wrote above, that would likely require us to specify additional semantics - starting with whether it's a non-decreasing integer or a representation of a time value. This seems much harder to define and possibly to use than a nonce.
>
> Would it make sense to define a nonce parameter now and hold off on defining a timestamp parameter until there's a clear demonstrated use case for which a nonce is not sufficient? That would be my personal recommendation.
>
> Best wishes,
> -- Mike
>
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
> Sent: Friday, August 17, 2012 12:05 AM
> To: jose@ietf.org
> Subject: [jose] POLL: Nonce/Timestamp parameter
>
> <CHAIR>
>
> If you voted at the face-2-face please do not vote again. If you want to provide comments please change the title from POLL to DISCUSS.
>
> Do we need to define a nonce/timestamp parameter in the base specification?
>
> Room vote: 6 yes, 0 no, 1 discuss
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
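
The three semantics named in the quoted message (opaque nonce, non-decreasing integer, time value with a uniqueness requirement), written out as receiver-side freshness checks. This is an added example, not part of the original thread or of any JOSE draft; the header field names `nonce` and `ts`, the class names, and the 300-second window are assumptions made for illustration.

```python
import secrets

class NonceCheck:
    """Opaque nonce: issued by the receiver, must come back unchanged, once."""
    def __init__(self):
        self._outstanding = set()

    def issue(self):
        nonce = secrets.token_urlsafe(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, header):
        nonce = header.get("nonce")          # "nonce" is a hypothetical field name
        if not isinstance(nonce, str) or nonce not in self._outstanding:
            return False                     # never issued, altered, or already used
        self._outstanding.remove(nonce)
        return True

class CounterCheck:
    """Timestamp read as a non-decreasing integer, tracked per sender."""
    def __init__(self, unique=False):
        self._unique = unique
        self._last = {}

    def accept(self, sender, header):
        ts = header.get("ts")                # "ts" is a hypothetical field name
        if type(ts) is not int:
            return False
        last = self._last.get(sender)
        if last is not None and (ts < last or (self._unique and ts == last)):
            return False
        self._last[sender] = ts
        return True

class ClockCheck:
    """Timestamp read as seconds since the epoch, with a uniqueness requirement."""
    def __init__(self, window=300):          # window size is an assumed value
        self._window = window
        self._seen = {}                      # (sender, ts) -> ts, pruned over time

    def accept(self, sender, header, now):
        ts = header.get("ts")
        if type(ts) is not int or abs(now - ts) > self._window:
            return False                     # malformed, stale, or too far ahead
        self._seen = {k: v for k, v in self._seen.items() if now - v <= self._window}
        if (sender, ts) in self._seen:
            return False                     # timestamp reused inside the window
        self._seen[(sender, ts)] = ts
        return True
```

Without the uniqueness requirement, `CounterCheck` accepts a second copy of the most recent message, while the nonce check needs no agreed meaning for the value, only state on the receiver.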