Re: [jose] Header criticality -- hidden consensus?

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sat, 09 February 2013 13:05 UTC

From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Sat, 9 Feb 2013 15:04:53 +0200
To: Richard Barnes <rlb@ipv.sx>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "jose@ietf.org" <jose@ietf.org>

Richard, 

I am wondering whether it wouldn't make more sense to let the chairs judge the consensus call and to propose the next steps. They asked the question and I am sure they had a specific reason to frame the questions in that particular way. 

Ciao
Hannes

On Feb 9, 2013, at 1:11 AM, Richard Barnes wrote:

> We're 24 votes into the header criticality poll, so I thought I would go ahead and take a look at how the results are shaping up.  My initial tabulation is below.  The result on the FIRST POLL (the main one) is as follows:
> 
> No: 10
> Yes: 14
> 
> What I find striking, however, is that every single person that voted "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL.  So nobody who thinks that all headers should be critical thinks that a JOSE library should actually be required to enforce this constraint.  And that means that enforcing that all headers are supported cannot be a MUST according to RFC 2119.
> 
> So I wonder if there's consensus to remove the following text from JWE and JWS:
> -----BEGIN-JWE-----
>    4.   The resulting JWE Header MUST be validated to only include
>         parameters and values whose syntax and semantics are both
>         understood and supported.
> -----END-JWE-----
> -----BEGIN-JWS-----
>    4.  The resulting JWS Header MUST be validated to only include
>        parameters and values whose syntax and semantics are both
>        understood and supported.
> -----END-JWS-----
> 
> Otherwise, a JOSE library conforming to these specifications would be REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains an unknown header, contradicting all those "Yes" votes on the SECOND POLL.
> 
> --Richard
> 
> 
> 
> -----BEGIN-Tabulation-----
> 1       2       3    Name:           
> N       -       -    Bradley         
> N       -       -    Ito             
> N       N       A    Yee             
> N       N       B    Barnes          
> N       N       B    Rescorla        
> N       N       C    Manger          
> N       N       C    Octman          
> N       Y       A    Fletcher        
> N       Y       A    Miller          
> N       Y       A    Sakimura        
> Y       Y       -    D'Agostino      
> Y       Y       A    Biering         
> Y       Y       A    Brault          
> Y       Y       A    Hedberg         
> Y       Y       A    Jay             
> Y       Y       A    Jones           
> Y       Y       A    Marais          
> Y       Y       A    Nadalin         
> Y       Y       A    Nara            
> Y       Y       A    Nennker         
> Y       Y       A    Solberg         
> Y       Y       B    Hardt           
> Y       Y       B    Medeiros        
> Y       Y       C    Matake          
> Y       Y       C    Mishra    
> -----END-Tabulation-----
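
The effect of the quoted step 4 on a receiving library, as an added example (not code from this thread or from the JOSE drafts): in strict mode the validator rejects any header parameter outside the set it implements, which is the behaviour the MUST would require. `SUPPORTED_PARAMS`, `SUPPORTED_ALGS`, the lenient `strict=False` mode and the sample header are assumptions made for illustration.

```python
import base64
import json

# Assumed: the header parameters and alg values this hypothetical library implements.
SUPPORTED_PARAMS = {"alg", "typ", "kid"}
SUPPORTED_ALGS = {"HS256", "RS256"}


class UnsupportedHeader(ValueError):
    """The header carries a parameter or value the library does not implement."""


def b64url_decode(segment: str) -> bytes:
    # JOSE uses base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_header(compact: str) -> dict:
    """Decode the first segment of a compact-serialized JWS into a dict."""
    header = json.loads(b64url_decode(compact.split(".")[0]))
    if not isinstance(header, dict):
        raise UnsupportedHeader("header is not a JSON object")
    return header


def validate_header(header: dict, strict: bool = True) -> list:
    """Apply the quoted step 4 and return the names of unknown parameters.

    strict=True  : any parameter that is not understood rejects the object.
    strict=False : unknown names are returned so the caller can decide
                   (hypothetical lenient mode, not taken from the drafts).
    """
    # An unsupported value is rejected in both modes: the library cannot act on it.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in SUPPORTED_ALGS:
        raise UnsupportedHeader("unsupported alg value: %r" % (alg,))
    unknown = sorted(set(header) - SUPPORTED_PARAMS)
    if unknown and strict:
        raise UnsupportedHeader("unknown header parameters: %s" % unknown)
    return unknown


# Constructed sample: a header with one parameter the library does not know,
# followed by placeholder payload and signature segments.
SAMPLE = b64url_encode(json.dumps(
    {"alg": "HS256", "kid": "k1", "x-policy": "must-audit"}).encode()) + ".e30.c2ln"
```

With `strict=True` the constructed sample is rejected because of `x-policy`; with `strict=False` the same call returns `["x-policy"]` and leaves the decision to the application.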