Re: [jose] Working Group Last Call (WGLC) for draft-ietf-jose-cookbook-03

"Jim Schaad" <> Mon, 25 August 2014 16:35 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2D99B1A00F2 for <>; Mon, 25 Aug 2014 09:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jKt2mz5aSJxW for <>; Mon, 25 Aug 2014 09:35:27 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 23B001A035E for <>; Mon, 25 Aug 2014 09:23:52 -0700 (PDT)
Received: from Philemon ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id B042038F48; Mon, 25 Aug 2014 09:23:50 -0700 (PDT)
From: Jim Schaad <>
References: <>
In-Reply-To: <>
Date: Mon, 25 Aug 2014 09:21:27 -0700
Message-ID: <02d601cfc080$a27139f0$e753add0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: AQGFPKiIcwAAEqjcEwinNcWM88lucpx2hnEg
Subject: Re: [jose] Working Group Last Call (WGLC) for draft-ietf-jose-cookbook-03
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Aug 2014 16:35:30 -0000

I think that you should considering adding one more example to the document.
I would not consider the document as being unable to progress without this
example, I just think it would be a good example to have in the document.

The missing example in the document that I would like to see added would be
one to deal with a password that requires both processing into UTF8 as well
as some PRECIS processing. 

The PRECIS processing could be dealt with by having either some non-ASCII
space characters or having the step of doing some NFC normalization be
applied to the string before it is used as a password.  

I believe that this would be a good example to have in the document because
of the general bias of developers to be in the US and not understand these
types of I18N issues that need to be dealt with.


-----Original Message-----
From: jose [] On Behalf Of Karen ODonoghue
Sent: Wednesday, July 23, 2014 7:42 AM
Subject: [jose] Working Group Last Call (WGLC) for


This message starts a two week working group last call for the jose cookbook
document "Examples of Protecting Content using JavaScript Object Signing and
Encryption (JOSE)"

Please review the document and send comments, questions to the Working Group
mailing list < jose at > or the co-chairs <jose-chairs at > before the end of the WGLC. 

Please note that suggested changes which include proposed text will be more
strongly considered than those without. Additionally, even if you have no
comments, statements to the effect that "I have read this document and
believe it is ready for publication" are helpful.

Karen and Jim

jose mailing list