Re: [jose] #24: Move JWS headers into signature block
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Fri, 14 June 2013 22:56 UTC
Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7141621E805D for <jose@ietfa.amsl.com>; Fri, 14 Jun 2013 15:56:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I71GSb0n+aOV for <jose@ietfa.amsl.com>; Fri, 14 Jun 2013 15:56:44 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id C86EC21E805A for <jose@ietf.org>; Fri, 14 Jun 2013 15:56:43 -0700 (PDT)
Received: from localhost ([127.0.0.1]:52689 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1Uncv7-0002QJ-0I; Sat, 15 Jun 2013 00:56:37 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-signature@tools.ietf.org, michael.jones@microsoft.com
X-Trac-Project: jose
Date: Fri, 14 Jun 2013 22:56:36 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/24#comment:1
Message-ID: <064.2ecd3b99322f20f71f817a0ba1a3716e@trac.tools.ietf.org>
References: <049.3a20609eab4b4c08a7e01f21f6d6565d@trac.tools.ietf.org>
X-Trac-Ticket-ID: 24
In-Reply-To: <049.3a20609eab4b4c08a7e01f21f6d6565d@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-signature@tools.ietf.org, michael.jones@microsoft.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: mbj@microsoft.com, n-sakimura@nri.co.jp, ve7jtb@ve7jtb.com
Resent-Message-Id: <20130614225643.C86EC21E805A@ietfa.amsl.com>
Resent-Date: Fri, 14 Jun 2013 15:56:43 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: Re: [jose] #24: Move JWS headers into signature block
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 22:56:44 -0000
#24: Move JWS headers into signature block Comment (by michael.jones@microsoft.com): The problem with this proposal is that it makes the structure of the headers for the JWS and JWE JSON Serializations no longer parallel. Having unnecessary differences between the two can only confuse developers and hurt interoperability. We decided at the interim meeting in Denver not to have per-recipient protected headers and so that's what's in the -11 specs. It therefore doesn't make a lot of sense to add them to the JWS Compact Serialization when there are cryptographic reasons that they can't be added to the JWE Compact Serialization in the general case (as discussed at length!). Also, having shared protected and unprotected header locations in the JWS Compact Serialization means that if all signatures are doing something in common, such as using the same algorithm, they can represent this in one place, rather than being forced to replicate the information for each signature. This capability is already there in the JWE JSON Serialization. Let's not then remove it for JWS. -- -------------------------+------------------------------------------------- Reporter: rlb@ipv.sx | Owner: draft-ietf-jose-json-web- Type: defect | signature@tools.ietf.org Priority: major | Status: new Component: json-web- | Milestone: signature | Version: Severity: - | Resolution: Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/24#comment:1> jose <http://tools.ietf.org/jose/>
- [jose] #24: Move JWS headers into signature block jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Daniel Holth
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Brian Campbell