Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

Mike Jones <Michael.Jones@microsoft.com> Fri, 19 April 2013 16:07 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Russ Housley <housley@vigilsec.com>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "jose@ietf.org" <jose@ietf.org>
Date: Fri, 19 Apr 2013 16:06:47 +0000

Russ, I'm curious why you say that the "spi" field needs to be in the base spec.  From a spec factoring point of view, even if SPI remains a completely separate spec and nothing is said in the base spec, there would be no confusion or conflicts, including for implementations.  Here's why:
  - A header without an "alg" field is not recognized as a JWS or JWE, so there's no conflict there
  - A JWS or JWE can legally contain a "spi" header field and a registry is already provided to define the meanings of additional header fields, so there's no conflict there either

Therefore, it seems like the separate spec could use the registry to define the meaning of "spi" in a JWS and JWE and could furthermore define the semantics of objects using headers without an "alg" field but including a "spi" field.  No conflicts.  And clear separation of concerns.

Those wanting the SPI functionality could use it.  Those not needing it would need to do nothing - which I think is as it should be.

				Best wishes,
				-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Russ Housley
Sent: Friday, April 19, 2013 8:37 AM
To: odonoghue@isoc.org; jose@ietf.org
Subject: Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

Combination of 1 and 2.  The field needs to be in the base specifications, but the only rule that needs to be included in the base specification is an exact match of the identifier.

Russ

= = = = = = = = = =

1.  Have draft-barnes-jose-spi remain a separate specification that could optionally also be supported by JWS and JWE implementations.
2.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as a mandatory feature.
3.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as an optional feature.
4.  Another resolution (please specify in detail).
