IETF Logo Mail Archive

Re: [jose] Should we delete the "typ" header field

Nat Sakimura <sakimura@gmail.com> Fri, 31 May 2013 03:04 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8B821F98AC for <jose@ietfa.amsl.com>; Thu, 30 May 2013 20:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.948
X-Spam-Level:
X-Spam-Status: No, score=-1.948 tagged_above=-999 required=5 tests=[AWL=0.651, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBUznGYsTRpO for <jose@ietfa.amsl.com>; Thu, 30 May 2013 20:04:38 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id DB5DD21F96E1 for <jose@ietf.org>; Thu, 30 May 2013 20:04:35 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id lx15so947729lab.10 for <jose@ietf.org>; Thu, 30 May 2013 20:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:mime-version:in-reply-to:date:message-id:subject:to :cc:content-type; bh=eYB5a5jFCEBCA9KDAwHyFwdGAy3e2tLGtaBFWoV8FIU=; b=tRU6wWP1LWZVrsY1JaDbklsKJ7p3oC6uBLEHnTNBtXhaa7Oo1h456fPa7c+CP96wEh GUij15Qh1u1nfhZD5QYnbKW6Sm8V9a38e/f+6AamgkXaEWBglRM0TjWtgJ6R/HW06hAQ CqRqRnJQfsIlnRR6n4CPDNx0uVQgDgiC6JVqSpWsVnV9A8E2ztpiuim1YaB8sy+GSw5B I5SgH3vWJ7+uEiQh/dvlZDLd06280wT4wp8n+ykY/QjGvBvseevMIaAFBfF1C034eZeK cablHVA8dEQNqeu+1ngiUkTpBialv9o1bdZTZXBZLM6JOP19U7O5erC/5Uk0IBuBFFCs sLNg==
X-Received: by 10.152.26.166 with SMTP id m6mr4903618lag.50.1369969474703; Thu, 30 May 2013 20:04:34 -0700 (PDT)
References: <02b701ce5cb8$46ae77e0$d40b67a0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5499@TK5EX14MBXC285.redmond.corp.microsoft.com> <030801ce5cc6$5064daf0$f12e90d0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5787@TK5EX14MBXC285.redmond.corp.microsoft.com> <427D27E7-04B7-43F6-87A1-0ACB20AAFB93@mitre.org> <49dc8abc726a4acd86283caf833c9751@BY2PR03MB189.namprd03.prod.outlook.com> <CAL02cgT4LLnohQhuUjNBOvGATFkJxH83vtQFtcdsK2eOettG4Q@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943677CC05D@TK5EX14MBXC285.redmond.corp.microsoft.com>
From: Nat Sakimura <sakimura@gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943677CC05D@TK5EX14MBXC285.redmond.corp.microsoft.com>
Date: Fri, 31 May 2013 12:04:33 +0900
Message-ID: <-6010843842911613845@unknownmsgid>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="089e0160a6f4e499a804ddfadf2b"
Cc: Richard Barnes <rlb@ipv.sx>, Anthony Nadalin <tonynad@microsoft.com>, Jim Schaad <ietf@augustcellars.com>, "Richer, Justin P." <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 May 2013 03:04:39 -0000

+1

=nat via iPhone

May 31, 2013 7:23、Mike Jones <Michael.Jones@microsoft.com> のメッセージ:

  It’s not that they affect the JOSE processing rules – it’s that they make
it easier for JOSE applications to have more consistent processing rules.



This brings us back full circle.  I believe that Jim’s original reasoning
from the 2011-2012 discussion of this still applies:



[JLS] If it is believe that a parameter this list is going to be “commonly”
used by many different profilers, then I believe that the core items needs
to be done the in the base specification.  I would therefore not be in
favor of punting it out to somebody else.  The only exception would be if
we are going to have a very light core and a “real” core specs.  In this
case the very light core spec could punt to the “real” core spec.  Having
said that I think that a registry would be a good idea.



                                                                Cheers,

                                                                -- Mike



*From:* jose-bounces@ietf.org
[mailto:jose-bounces@ietf.org<jose-bounces@ietf.org>]
*On Behalf Of *Richard Barnes
*Sent:* Thursday, May 30, 2013 2:37 PM
*To:* Anthony Nadalin
*Cc:* Mike Jones; Richer, Justin P.; jose@ietf.org; Jim Schaad
*Subject:* Re: [jose] Should we delete the "typ" header field



If they don't affect JOSE, then they shouldn't be in the base spec.

--Richard





On Thursday, May 30, 2013, Anthony Nadalin wrote:

I agree that they are fine as-is. We can and should be clearer that these
fields don’t effect the JOSE processing but are application fields.



*From:* jose-bounces@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');>[mailto:
jose-bounces@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');>]
*On Behalf Of *Richer, Justin P.
*Sent:* Thursday, May 30, 2013 8:31 AM
*To:* Mike Jones
*Cc:* Jim Schaad;
jose@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose@ietf.org');>
*Subject:* Re: [jose] Should we delete the "typ" header field



I think that the two fields are fine as they're currently defined, as Mike
describes below. They're hanging points for information that other
applications of the JOSE stack can use to switch functionality out, and as
such they should be well-defined and optional to allow general libraries
and applications to do their jobs.



 -- Justin





On May 29, 2013, at 7:51 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:



 “typ” declares what the type of THIS OBJECT is.

“cty” declares what the type of THE PAYLOAD or THE PLAINTEXT is.



They’re different.



In the JWT case, a JWT Claims Set (the normal JWT Payload), which is a JSON
Object containing Claims, is a completely different data structure from a
JWT, which is a dot-separated list of base64url encoded fields.  The “cty”
represents the former; the “typ” represents the latter.



                                                                -- Mike



*From:* Jim Schaad [mailto:ietf@augustcellars.com]
*Sent:* Wednesday, May 29, 2013 4:43 PM
*To:* Mike Jones; jose@ietf.org
*Subject:* RE: [jose] Should we delete the "typ" header field



Can you justify why the JWT spec shou

    _______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email