Re: [jose] Header criticality -- hidden consensus?
Richard Barnes <rlb@ipv.sx> Fri, 08 February 2013 23:46 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1875621F8BEF for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:46:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.39
X-Spam-Level:
X-Spam-Status: No, score=-2.39 tagged_above=-999 required=5 tests=[AWL=0.586, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C1Fafh6P-D1K for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:46:40 -0800 (PST)
Received: from mail-lb0-f178.google.com (mail-lb0-f178.google.com [209.85.217.178]) by ietfa.amsl.com (Postfix) with ESMTP id 954CA21F8B73 for <jose@ietf.org>; Fri, 8 Feb 2013 15:46:39 -0800 (PST)
Received: by mail-lb0-f178.google.com with SMTP id n1so3409214lba.9 for <jose@ietf.org>; Fri, 08 Feb 2013 15:46:38 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=03PtW+DRJyRrhWxbzZQT+NntRxTMpOPl9pxvndDVJ7U=; b=F7MhUojfpqwzNlMN/aZzlIrZgOg4/j+2sNNqjldo/Omm4it+CPl/tWO9rtUYRupYqX b9fHa7QZ9NWprcOxlKyXYuDLi3Tqo+KtgqZM6uZJo2r6jXgAwwnwlqVOgba4mNT/9McH 38f+ETK8La/mvwnn0pYJbhO1oy98WnlZrgr/pmuoS7itYepknJmiPLLj+9sNbuLu78Kl sFyKpxMkVixIV7676f5FDauYxomylWWe5W9udty/lsEbDoqYiqTHbuYdSVGeGrW39ODW hsFF8Lve4nwM6CH1Eo6Hky72IMdlRAT43J/3V2efK+0RVnJPi2AL+vC/skTcrgFkwOWL a8lw==
MIME-Version: 1.0
X-Received: by 10.112.47.168 with SMTP id e8mr2956955lbn.46.1360367198422; Fri, 08 Feb 2013 15:46:38 -0800 (PST)
Received: by 10.112.147.164 with HTTP; Fri, 8 Feb 2013 15:46:38 -0800 (PST)
X-Originating-IP: [192.1.51.63]
In-Reply-To: <CA+k3eCSbtSTT55J=jOhEQBTDeyu7TM35F_tswt-bKAdd4-VkJw@mail.gmail.com>
References: <CAL02cgRxeS-DomWzVBmoqzps57jgvrUSLn5nrFtqcrTD1wQa=g@mail.gmail.com> <CA+k3eCSbtSTT55J=jOhEQBTDeyu7TM35F_tswt-bKAdd4-VkJw@mail.gmail.com>
Date: Fri, 08 Feb 2013 18:46:38 -0500
Message-ID: <CAL02cgRcHcZBd6dt2vLFfByCRKxTMqhzf2FyMety0qcsg2c+Lw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: multipart/alternative; boundary="bcaec553fde0a0495504d53f2b06"
X-Gm-Message-State: ALoCoQkif3jysKwYp2K7A2ODaMsAcQapXVsalgVP4CRgbifcizFZ9OQ2H5FefwpNKasmyVyXJLx6
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 23:46:41 -0000
Sorry about that! But you're in the "No" camp anyway, so it doesn't really change the outcome here. On Fri, Feb 8, 2013 at 6:34 PM, Brian Campbell <bcampbell@pingidentity.com>wrote: > FWIW, I didn't see my name on the tabulation but I did 'vote' > http://www.ietf.org/mail-archive/web/jose/current/msg01461.html > > > On Fri, Feb 8, 2013 at 4:11 PM, Richard Barnes <rlb@ipv.sx> wrote: > >> We're 24 votes into the header criticality poll, so I thought I would go >> ahead and take a look at how the results are shaping up. My initial >> tabulation is below. The result on the FIRST POLL (the main one) is as >> follows: >> >> No: 10 >> Yes: 14 >> >> What I find striking, however, is that every single person that voted >> "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody who >> thinks that all headers should be critical thinks that a JOSE library >> should actually be required to enforce this constraint. And that means >> that enforcing that all headers are supported cannot be a MUST according to >> RFC 2119. >> >> So I wonder if there's consensus to remove the following text from JWE >> and JWS: >> -----BEGIN-JWE----- >> 4. The resulting JWE Header MUST be validated to only include >> parameters and values whose syntax and semantics are both >> understood and supported. >> -----END-JWE----- >> -----BEGIN-JWS----- >> 4. The resulting JWS Header MUST be validated to only include >> parameters and values whose syntax and semantics are both >> understood and supported. >> -----END-JWS----- >> >> Otherewise, a JOSE library conforming to these specifications would be >> REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains an >> unknown header, contradicting all those "Yes" votes on the SECOND POLL. >> >> --Richard >> >> >> >> -----BEGIN-Tabulation----- >> 1 2 3 Name: >> N - - Bradley >> N - - Ito >> N N A Yee >> N N B Barnes >> N N B Rescorla >> N N C Manger >> N N C Octman >> N Y A Fletcher >> N Y A Miller >> N Y A Sakimura >> Y Y - D'Agostino >> Y Y A Biering >> Y Y A Brault >> Y Y A Hedberg >> Y Y A Jay >> Y Y A Jones >> Y Y A Marais >> Y Y A Nadalin >> Y Y A Nara >> Y Y A Nennker >> Y Y A Solberg >> Y Y B Hardt >> Y Y B Medeiros >> Y Y C Matake >> Y Y C Mishra >> -----END-Tabulation----- >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> >> >
- [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Header criticality -- hidden consensus? Hannes Tschofenig
- Re: [jose] Header criticality -- hidden consensus? Manger, James H
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS