Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

Mike Jones <Michael.Jones@microsoft.com> Mon, 15 April 2013 17:45 UTC


Use of "spi" is one such possible "switch".  Use of the OAuth Dynamic Client Registration specification to obtain keys or key references is another.  Other applications may choose to exchange the keys in other ways.

The "switch" doesn't have to be a JOSE protocol element.  Although you could consider the lack of a key indicator in the JOSE header to be a clear indication in the JOSE protocol elements that the switch has been thrown, meaning that it's up to the application to use its logic to determine which key(s) to use - which is a normal use case.

                                                            -- Mike

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Monday, April 15, 2013 10:37 AM
To: odonoghue@isoc.org
Cc: jose@ietf.org
Subject: Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

2 or 3

All of the "1" responses are missing the point of SPI -- if you want to be able to omit fields (as people seem to want to do), then you need a switch to turn off "stand-alone mode".

So responding "1" here is the same as responding "1" on the ISSUE-15 poll, that at least one key indicator MUST be present.


On Thu, Apr 11, 2013 at 7:58 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote:
Issue #8 http://trac.tools.ietf.org/wg/jose/trac/ticket/8 proposes adding an "spi" (security parameters index) header parameter to the JWS and JWE specifications.  This modification to the JOSE formats would allow for signaling that pre-negotiated cryptographic parameters are being used, rather than including those parameters in the JWS or JWE header.  This proposal has been written up as http://tools.ietf.org/html/draft-barnes-jose-spi-00.

Which of these best describes your preferences on this issue?
1.  Have draft-barnes-jose-spi remain a separate specification that could optionally also be supported by JWS and JWE implementations.
2.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as a mandatory feature.
3.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as an optional feature.
4.  Another resolution (please specify in detail).
0.  I need more information to decide.
Your reply is requested by Friday, April 19th or earlier.
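
The three key-selection modes debated in this thread, as an added example that is not part of any message above and not code from the JOSE drafts: a verifier that treats "spi" as an explicit switch to pre-negotiated parameters, uses a key indicator in stand-alone mode, and otherwise falls back to an application-selected key. The table layout, the conflict rule, the function names and the sample keys are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY_INDICATORS = ("jwk", "jku", "kid", "x5u", "x5t", "x5c")  # JWS key-hint header parameters

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jws(header: dict, payload: bytes, key: bytes) -> str:
    """Build a compact HS256 JWS; 'alg' may be absent when 'spi' carries it."""
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def resolve(header: dict, spi_table: dict, keystore: dict, app_key=None):
    """Return (mode, alg, key) or raise ValueError; never guesses across modes."""
    if "spi" in header:
        params = spi_table.get(header["spi"])
        if params is None:
            raise ValueError("unknown spi")
        # Assumption: a header may not contradict what was negotiated out of band.
        if any(k in header and header[k] != v for k, v in params.items() if k != "key"):
            raise ValueError("header conflicts with pre-negotiated parameters")
        return "spi", params["alg"], params["key"]
    if any(k in header for k in KEY_INDICATORS):
        key = keystore.get(header.get("kid"))  # this sketch resolves 'kid' only
        if key is None:
            raise ValueError("unresolvable key indicator")
        return "stand-alone", header.get("alg"), key
    if app_key is None:
        raise ValueError("no key indicator and no application-selected key")
    return "application", header.get("alg"), app_key

def verify(jws: str, spi_table: dict, keystore: dict, app_key=None):
    h, p, s = jws.split(".")
    mode, alg, key = resolve(json.loads(b64u_dec(h)), spi_table, keystore, app_key)
    if alg != "HS256":  # this sketch supports a single algorithm
        raise ValueError("unsupported or missing alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(s)):
        raise ValueError("bad signature")
    return mode, b64u_dec(p)

# Constructed sample state: one pre-negotiated SPI entry and one kid-addressed key.
SPI_TABLE = {"session-1": {"alg": "HS256", "key": b"negotiated-secret-0123456789abcdef"}}
KEYSTORE = {"k1": b"keystore-secret-0123456789abcdef"}
```

A header with neither "spi" nor a key indicator is rejected unless the caller passes `app_key`, which makes the application-determined case an explicit decision by the relying code rather than a silent default.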
