Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Mike Jones <Michael.Jones@microsoft.com> Thu, 04 April 2013 23:03 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 04 Apr 2013 23:03:35 +0000
Cc: "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>

I think it's better for three reasons.  First, I think it's better to reserve the names and define the new processing rules in the document where they're defined - the JWT spec.

Second, the "iss" and "aud" header values aren't meaningful in JWEs in the general case - only in JWEs whose message is a JWT Claims Set.  That's a scoping argument that they shouldn't be defined in the JWE spec.

Third, as is normal for IETF specs, the "one place to look for reserved JWE header names" is the IANA registry for those names.  Yes, the JWE spec reserves an initial set of names, but it won't be the only spec to reserve header parameter names, and so to see the full list, developers have to consult the registry.

				-- Mike

P.S.  There's already an example of the JWT spec reserving names in a registry defined by the JWS spec.  See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06#section-9.3.1.  Reserving header parameter names in the JSON Web Signature and Encryption Header Parameters Registry established in JWS (see http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-7.1.1) would be done in an analogous manner.

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Dick Hardt
Sent: Thursday, April 04, 2013 1:10 PM
To: Mike Jones
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names


On Apr 4, 2013, at 9:27 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> JWT defines "aud" and "iss" and reserves them as claim names but not as JWE header parameter names, nor does it currently specify their usage in that location.  My point is that I think the best way to accomplish what you're asking for is to have the JWT spec also reserve these as JWE header parameter names and define the semantics and processing rules associated with using them in that location.

Repeating that you think it is "best" is not educating me on *why* you think it is "best"!

The other reserved JWE header parameter names are not reserved in JWT. The current list of reserved JWE header parameter names is in the JWE document. Having another place to look for what names are reserved looks inefficient and error-prone unless ALL reserved JWE header parameter names are listed in JWT.


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose
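An added example, not from this thread or any jose draft, of what a recipient could do with "iss" and "aud" replicated in a JWE protected header: a pre-decryption audience check using the header copy, and a post-decryption rule that treats the header values as meaningful only when the plaintext is a JWT Claims Set and requires each replicated value to equal the claim inside it. The header, claims set and the matching rule are constructed assumptions, standing in for the processing rules the thread leaves to the JWT spec.

```python
import base64
import json

# Constructed sample JWE protected header that replicates the JWT "iss" and
# "aud" claims as header parameters (hypothetical usage; the matching rule
# applied below is an assumption, not text from the drafts).
PROTECTED_HEADER = {"alg": "RSA-OAEP", "enc": "A256GCM",
                    "iss": "https://issuer.example", "aud": "https://rp.example"}

# Constructed sample JWT Claims Set that would be the decrypted JWE plaintext.
CLAIMS = {"iss": "https://issuer.example", "aud": "https://rp.example", "sub": "alice"}


def b64url_encode_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode_json(text):
    text += "=" * (-len(text) % 4)
    return json.loads(base64.urlsafe_b64decode(text))


def as_list(value):
    return value if isinstance(value, list) else [value]


def pre_decrypt_check(protected_b64, expected_aud):
    """Before decrypting, read the header copy of "aud" (integrity-protected
    as JWE AAD but readable without the key) to decide whether the JWE is
    addressed to us. Returns True/False, or None when no "aud" hint exists."""
    header = b64url_decode_json(protected_b64)
    if "aud" not in header:
        return None
    return expected_aud in as_list(header["aud"])


def post_decrypt_check(header, plaintext):
    """Assumed rule: header "iss"/"aud" are only meaningful when the plaintext
    is a JWT Claims Set, and each replicated value must equal the claim inside
    the payload, which is the authoritative copy. Returns (ok, reason)."""
    replicated = [name for name in ("iss", "aud") if name in header]
    if not replicated:
        return True, "no replicated claims in header"
    try:
        claims = json.loads(plaintext)
    except ValueError:
        claims = None
    if not isinstance(claims, dict):
        return False, "header iss/aud present but payload is not a JWT Claims Set"
    for name in replicated:
        if as_list(header[name]) != as_list(claims.get(name)):
            return False, f"header {name!r} does not match claim {name!r}"
    return True, "header replicas match the JWT Claims Set"
```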