Re: [jose] Proposed resolution of header criticality issue
Richard Barnes <rlb@ipv.sx> Tue, 12 March 2013 12:12 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3534421F89E2 for <jose@ietfa.amsl.com>; Tue, 12 Mar 2013 05:12:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.976
X-Spam-Level:
X-Spam-Status: No, score=-4.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DPdJar0sDHs4 for <jose@ietfa.amsl.com>; Tue, 12 Mar 2013 05:11:59 -0700 (PDT)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 10C1821F89E1 for <jose@ietf.org>; Tue, 12 Mar 2013 05:11:59 -0700 (PDT)
Received: by mail-oa0-f44.google.com with SMTP id h1so5666005oag.17 for <jose@ietf.org>; Tue, 12 Mar 2013 05:11:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=JC41NvBqnpfE44geIkkRxdBM5ZW/GEo6qGfSCPU6100=; b=Cdo9Tc8pMINavTOUTWSUshnEemoEvtUHUoj1rPvpqcpBFXUATZzqA4okbZQbyE5zFZ +4r9HgqNXtIP0lvj9pza1xyw8oaM9n9qxzJV+bmdX0kwR/TdEn+pIJ4k1zSaw6RZVlTa 8YV3r+5lhXIZtDVtSRFGMJrr/LSBTZAz3l88WwZPUWPAKLHp9MScsGGXqGTDqMp/5NPT PqXeMZdl9yIf58b7/kMiVms3vHDIfIFKbhXycaEqHO+LWb/6fj02RhdLSxtdVqeIDK4U UjxmiEs9BCS7iaRiWuXGPet4/6/dDg6kpH08o5DMvs1sbK+pTd5pygKYLP8IoEw/f0ZH 0ACA==
MIME-Version: 1.0
X-Received: by 10.60.171.102 with SMTP id at6mr12160188oec.60.1363090318641; Tue, 12 Mar 2013 05:11:58 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Tue, 12 Mar 2013 05:11:58 -0700 (PDT)
X-Originating-IP: [2001:df8:0:16:b46a:6672:197f:e937]
In-Reply-To: <20130311234447.cc40c4f3d92d2001859047cd8cabb9ab.64d2aabe52.wbe@email07.europe.secureserver.net>
References: <20130311234447.cc40c4f3d92d2001859047cd8cabb9ab.64d2aabe52.wbe@email07.europe.secureserver.net>
Date: Tue, 12 Mar 2013 08:11:58 -0400
Message-ID: <CAL02cgQ0EKrpn398Nw6a0caKyA_jrTJZTqLR59vALLsnPQNM_g@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>
Content-Type: multipart/alternative; boundary="bcaec54ee0943d630404d7b932a5"
X-Gm-Message-State: ALoCoQl+ZYwuO8Tz4b+/ZKMlUdPBLJYbJtOPWo+RfdXoLCxQSJwSDLbUhJYsnUGRe/3I1S8YzRsp
Cc: jose@ietf.org
Subject: Re: [jose] Proposed resolution of header criticality issue
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 12:12:01 -0000
I really hope you're not using char[4] for field names :) On Tue, Mar 12, 2013 at 2:44 AM, Vladimir Dzhuvinov / NimbusDS < vladimir@nimbusds.com> wrote: > How about "crt" instead of "crit", to fit the three-letter convention > for naming fields? > > Vladimir > > -- > Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com > > > -------- Original Message -------- > Subject: [jose] Proposed resolution of header criticality issue > From: Karen O'Donoghue <odonoghue@isoc.org> > Date: Tue, March 12, 2013 12:31 am > To: jose@ietf.org > > > Folks, > > A side meeting was held Sunday with a number of jose working group > participants to try to resolve the open issue related to header > criticality. The following are the proposed resolutions from the > meeting. Point 5 of the proposed resolution below is actually > independent of the other 4 points, and could be considered separately. > This will all be discussed in Wednesday's meeting. > > In addition to the text below, there was some agreement to replace the > "understand" text with something a bit more explicit like "must > process". However, that text has not been rolled into the summary text > below yet. > > Thank you to Jim Schaad, Mike Jones, John Bradley, Nat Sakimura, Martin > Thomas, Eric Rescorla, Matt Miller, and Richard Barnes for your efforts > (and my apologies if I missed someone). > > Regards, > Karen > > 1: Change the language “Additional members MAY be present in the > JWK. If present, they MUST be understood by implementations using > them.” to “Additional members MAY be present in the JWK. If not > understood by implementations encountering them, they MUST be > ignored.” (And make the same change for JWK Set as well.) > > 2: Characterize all existing JWS and JWE header fields as either must > be understood or may be ignored. “alg”, “enc”, and “zip” > must be understood. “kid”, “x5u”, “x5c”, “x5t”, > “jwk”, “jku”, “typ”, and “cty” can be ignored because > while not using them may result in the inability to process some > signatures or encrypted content, this will not result in a security > violation – just degraded functionality. Other fields such as > “epk”, “apu”, “apv”, “epu”, and “epv” must be > understood and used when “alg” or “enc” values requiring them > are used, and otherwise they may be ignored. > > 3. Define a new header field that lists which additional fields not > defined in the base specifications must be understood and acted upon > when present. For instance, an expiration-time extension field could be > marked as must-be-understood-and-acted-upon. One possible name for this > would be “crit” (critical). An example use, along with a > hypothetical “exp” (expiration-time) field is: > > {"alg":"ES256", > "crit":["exp"], > "exp”:1363284000 > } > > 4. All additional header fields not defined in the base specifications > and not contained in the “crit” list MUST be ignored if not > understood. > > 5. Define a new header field “asd” (application-specific data) > whose value is a JSON structure whose contents are opaque to and ignored > by JWS and JWE implementations but for which its contents MUST be > provided to applications using JWS or JWE, provided that the > signature/MAC validation or decryption operation succeeds. The intended > use of this field is to have a standard place to provide > application-specific metadata about the payload or plaintext. > > > > > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] Proposed resolution of header criticality … Karen O'Donoghue
- Re: [jose] Proposed resolution of header critical… Tim Bray
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Dirkjan Ochtman
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Matt Miller (mamille2)
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- [jose] "crit" strings don't have to be field names Manger, James H
- Re: [jose] "crit" strings don't have to be field … Richard Barnes
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… John Bradley