Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?
Nat Sakimura <sakimura@gmail.com> Sat, 20 April 2013 15:03 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E644B21F91BF for <jose@ietfa.amsl.com>; Sat, 20 Apr 2013 08:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.207
X-Spam-Level:
X-Spam-Status: No, score=-2.207 tagged_above=-999 required=5 tests=[AWL=-1.059, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVx1MWrDry-N for <jose@ietfa.amsl.com>; Sat, 20 Apr 2013 08:03:00 -0700 (PDT)
Received: from mail-lb0-f175.google.com (mail-lb0-f175.google.com [209.85.217.175]) by ietfa.amsl.com (Postfix) with ESMTP id D57C921F91B2 for <jose@ietf.org>; Sat, 20 Apr 2013 08:02:59 -0700 (PDT)
Received: by mail-lb0-f175.google.com with SMTP id o10so4490867lbi.20 for <jose@ietf.org>; Sat, 20 Apr 2013 08:02:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:references:from:mime-version:in-reply-to:date:message-id :subject:to:cc:content-type; bh=0b3UQ/wNLqwiZ0TPeUsqVW4hZ+0mCVfvpLyVenwZTXI=; b=ufk0BvcS9I1k+Kl/BuU6DYr0zLwZRv3bifGQ2vyibcHWE3Iii9vtq1vsgg00w0C2v4 OHyAoB2a8omPnmzMAeNKYyhTGVvaSObHx49FV9ELLW1lDowq3iFZcAZKaX215akYf5F9 aRcW+hl0HqPJoWzy9nbOOU/nTUHdK7n0MmaoUdqBbDvtFr4PTARdBottrERwun0qpXxW 4SKUGHORloBmw61kDCswbnaY+fRE7vYdGPjk5v9IMU2SxRFZdICNt1ILYE4acr/GjX75 y60J80Iy4BNIeOgx0IZdoJjS7zjHvMb+iRTyit4IpFmr8lN2o8L1ZHRmuW9Ai9HE2dBl s7Kg==
X-Received: by 10.112.141.38 with SMTP id rl6mr9300341lbb.101.1366470178782; Sat, 20 Apr 2013 08:02:58 -0700 (PDT)
References: <A3598C19-D882-46B3-92FB-A203BF1BE585@vigilsec.com> <4E1F6AAD24975D4BA5B1680429673943676776F8@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgSO4DQ9-zJspFMy2LcaFH8Y64kvJ5wc5vyfi7BrudvmEw@mail.gmail.com> <0072E7B1-1CD4-46DB-8954-52E795B5C861@vigilsec.com> <4E1F6AAD24975D4BA5B16804296739436767934E@TK5EX14MBXC284.redmond.corp.microsoft.com> <F0E0420E-6259-4446-A0EA-78A76FF743E5@ve7jtb.com>
From: Nat Sakimura <sakimura@gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <F0E0420E-6259-4446-A0EA-78A76FF743E5@ve7jtb.com>
Date: Sat, 20 Apr 2013 22:54:12 +0900
Message-ID: <-5894109702243771834@unknownmsgid>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="001a11c2605a9a43c604dacc21db"
Cc: Richard Barnes <rlb@ipv.sx>, Mike Jones <Michael.Jones@microsoft.com>, Russ Housley <housley@vigilsec.com>, "jose@ietf.org" <jose@ietf.org>, Karen O'Donoghue <odonoghue@isoc.org>
Subject: Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2013 15:03:02 -0000
+1 =nat via iPhone Apr 20, 2013 3:34、John Bradley <ve7jtb@ve7jtb.com> のメッセージ: Yes using "alg":"spi" is cleaner and allowed by the current spec. I am not keen on omitting alg as a flag. On 2013-04-19, at 3:10 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: BTW, in terms of a “dedicated flag”, I’d previously suggested to Richard in private communication that one way for the SPI spec to do his cleanly would be to use “alg”: “spi”, rather than omitting the “alg” field entirely. The “spi” value would then be registered by the SPI spec in the algorithms registry - pointing back to the SPI spec. I personally think that this is cleaner than just omitting “alg”, since it maintains the invariant that all JWS and JWE representations have an “alg” value that is used to determine the processing rules. Cheers, -- Mike *From:* Russ Housley [mailto:housley@vigilsec.com] *Sent:* Friday, April 19, 2013 10:51 AM *To:* Richard Barnes; Mike Jones *Cc:* Karen O'Donoghue; jose@ietf.org *Subject:* Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field? +1 On Apr 19, 2013, at 1:42 PM, Richard Barnes wrote: In principle, you could use the omission of the "alg" field as a signal that pre-negotiation is going on. However, that seems like not the most useful way to do it, and it conflicts with current practice -- namely the examples currently in the JWE and JWS specs. Those examples use pre-negotiation, but they also have an "alg" field. It's not very useful because it doesn't provide the recipient any clue about how to populate the missing fields. There's a semantic mis-match here as well, since a JWE with pre-negotiation is still a JWE, just an incomplete one. A dedicated flag field like SPI provides a clearer indication, and it also provides a hook that out-of-band protocols can use to connect in the pre-negotiated parameters. --Richard On Fri, Apr 19, 2013 at 12:06 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: Russ, I'm curious why you say that the "spi" field needs to be in the base spec. From a spec factoring point of view, even if SPI remains a completely separate spec and nothing is said in the base spec, there would be no confusion or conflicts, including for implementations. Here's why: - A header without an "alg" field is not recognized as a JWS or JWE, so there's no conflict there - A JWS or JWE can legally contain a "spi" header field and a registry is already provided to define the meanings of additional header fields, so there's no conflict there either Therefore, it seems like the separate spec could use the registry to define the meaning of "spi" in a JWS and JWE and could furthermore define the semantics of objects using headers without an "alg" field but including a "spi" field. No conflicts. And clear separation of concerns. Those wanting the SPI functionality could use it. Those not needing it would need to do nothing - which I think is as it should be. Best wishes, -- Mike -----Original Message----- From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Russ Housley Sent: Friday, April 19, 2013 8:37 AM To: odonoghue@isoc.org; jose@ietf.org Subject: Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field? Combination of 1 and 2. The field needs to be in the base specifications, but the only rule that needs to be included in the base specification is an exact match of the identifier. Russ = = = = = = = = = = 1. Have draft-barnes-jose-spi remain a separate specification that could optionally also be supported by JWS and JWE implementations. 2. Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as a mandatory feature. 3. Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as an optional feature. 4. Another resolution (please specify in detail). _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose
- Re: [jose] Feedback request on jose tracker issue… Dick Hardt
- [jose] Feedback request on jose tracker issue #8:… Karen O'Donoghue
- Re: [jose] Feedback request on jose tracker issue… Manger, James H
- Re: [jose] Feedback request on jose tracker issue… Axel.Nennker
- Re: [jose] Feedback request on jose tracker issue… Roland Hedberg
- Re: [jose] Feedback request on jose tracker issue… hideki nara
- Re: [jose] Feedback request on jose tracker issue… Mike Jones
- Re: [jose] Feedback request on jose tracker issue… nov matake
- Re: [jose] Feedback request on jose tracker issue… Matias Woloski
- Re: [jose] Feedback request on jose tracker issue… Anthony Nadalin
- Re: [jose] Feedback request on jose tracker issue… Richard Barnes
- Re: [jose] Feedback request on jose tracker issue… Mike Jones
- Re: [jose] Feedback request on jose tracker issue… Edmund Jay
- Re: [jose] Feedback request on jose tracker issue… Richard Barnes
- Re: [jose] Feedback request on jose tracker issue… charles.marais@orange.com
- Re: [jose] Feedback request on jose tracker issue… Sascha Preibisch
- Re: [jose] Feedback request on jose tracker issue… John Bradley
- Re: [jose] Feedback request on jose tracker issue… Javier Rojas Blum
- Re: [jose] Feedback request on jose tracker issue… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Feedback request on jose tracker issue… Russ Housley
- Re: [jose] Feedback request on jose tracker issue… Mike Jones
- Re: [jose] Feedback request on jose tracker issue… Richard Barnes
- Re: [jose] Feedback request on jose tracker issue… Russ Housley
- Re: [jose] Feedback request on jose tracker issue… Mike Jones
- Re: [jose] Feedback request on jose tracker issue… John Bradley
- Re: [jose] Feedback request on jose tracker issue… Salvatore D'Agostino
- Re: [jose] Feedback request on jose tracker issue… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Feedback request on jose tracker issue… Nat Sakimura