Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Mike Jones <Michael.Jones@microsoft.com> Thu, 04 April 2013 16:33 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 04 Apr 2013 16:32:49 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943675B4F79@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <059.28920e1fc6703f74a91ab3b3829a8a57@trac.tools.ietf.org> <074.45573b920fde1863b2b824557b6bbbe8@trac.tools.ietf.org> <70DD0047-E4B5-4A00-A74D-B4B3CC67D68E@gmail.com>
In-Reply-To: <70DD0047-E4B5-4A00-A74D-B4B3CC67D68E@gmail.com>
Cc: "rlb@ipv.sx" <rlb@ipv.sx>, "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Responding to your "unsettled" remark, I suspect most people are fine with having the "aud" and "iss" be claims in the JWT where they normally are.  Yes, you have to decrypt the token to get these claim values, but if you're going to use the token, you'll have to do that anyway.

I don't think it's clear to most people what problem is being solved by potentially allowing these fields to be present in a different location.  Without a compelling use case, this just seems like more to implement without a clear benefit of doing so.

				-- Mike
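Mike's point above is that "aud" and "iss" live in the JWT claim set, which a consumer only reaches after decrypting the JWE, whereas anything placed in the JWE header sits in the clear. The Go program below is an added illustration, not code from this thread or from any implementation discussed in it. It builds a JWE compact serialization with the standard "dir"/"A256GCM" combination, shows that a header copy of "aud" can be read without the key but is still covered by the AES-GCM tag (the protected header is the additional authenticated data), and enforces issuer and audience on the decrypted claims, rejecting any header copy that disagrees with them. The function names (EncryptJWT, PeekHeader, DecryptJWT), the Claims struct, and the sample key and values are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JOSE segments are base64url without padding
// Claims is the subset of the JWT claim set this example validates.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
}

// EncryptJWT wraps the claims in a JWE compact serialization (alg "dir", enc
// "A256GCM"): protectedHeader . "" . iv . ciphertext . tag. Members of extraHeader
// (e.g. a hypothetical "aud" copy) go into the protected header: authenticated, not hidden.
func EncryptJWT(key []byte, extraHeader map[string]string, claims Claims) (string, error) {
	hdr := map[string]string{"alg": "dir", "enc": "A256GCM"}
	for k, v := range extraHeader {
		hdr[k] = v
	}
	hdrJSON, _ := json.Marshal(hdr)  // map[string]string cannot fail to marshal
	plain, _ := json.Marshal(claims) // nor can a struct of plain strings
	protected := b64.EncodeToString(hdrJSON)
	block, err := aes.NewCipher(key) // 32-byte key for A256GCM
	if err != nil {
		return "", err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 128-bit block
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nil, iv, plain, []byte(protected)) // ciphertext || tag
	cut := len(sealed) - gcm.Overhead()
	return strings.Join([]string{protected, "", b64.EncodeToString(iv),
		b64.EncodeToString(sealed[:cut]), b64.EncodeToString(sealed[cut:])}, "."), nil
}

// PeekHeader parses the protected header with no key. Nothing it returns is
// authenticated until DecryptJWT's tag check passes: a routing hint at most.
func PeekHeader(token string) (map[string]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 5 {
		return nil, errors.New("not a JWE compact serialization")
	}
	raw, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr map[string]string
	return hdr, json.Unmarshal(raw, &hdr)
}

// DecryptJWT authenticates header and ciphertext, decrypts the claim set and
// enforces issuer/audience on the decrypted claims, where JWT places them. A header
// copy of "iss"/"aud" must agree with the claim, so routing on the peeked header never diverges.
func DecryptJWT(key []byte, token, wantIss, wantAud string) (c Claims, err error) {
	hdr, err := PeekHeader(token)
	if err != nil {
		return c, err
	}
	parts := strings.Split(token, ".")
	if hdr["alg"] != "dir" || hdr["enc"] != "A256GCM" || parts[1] != "" {
		return c, fmt.Errorf("unsupported alg/enc %q/%q", hdr["alg"], hdr["enc"])
	}
	var seg [3][]byte // iv, ciphertext, tag
	for i := range seg {
		if seg[i], err = b64.DecodeString(parts[i+2]); err != nil {
			return c, err
		}
	}
	block, err := aes.NewCipher(key)
	if err != nil || len(seg[0]) != 12 { // GCM's standard 96-bit nonce
		return c, errors.New("bad key or iv length")
	}
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, seg[0], append(seg[1], seg[2]...), []byte(parts[0]))
	if err != nil {
		return c, errors.New("authentication failed: header or ciphertext modified")
	}
	if err = json.Unmarshal(plain, &c); err != nil {
		return c, err
	}
	if c.Iss != wantIss || c.Aud != wantAud {
		return Claims{}, fmt.Errorf("token for iss=%q aud=%q rejected", c.Iss, c.Aud)
	}
	if (hdr["iss"] != "" && hdr["iss"] != c.Iss) || (hdr["aud"] != "" && hdr["aud"] != c.Aud) {
		return Claims{}, errors.New("header iss/aud disagree with the encrypted claims")
	}
	return c, nil
}
```

Calling EncryptJWT with a 32-byte key and then DecryptJWT with the expected issuer and audience returns the claims. A wrong audience or issuer, a header "aud" that differs from the encrypted claim, a rewritten protected header, or a wrong key all produce an error, the last two because the header is part of the data the GCM tag covers. The header copy therefore saves nothing on the trust side: the consumer still has to decrypt before it may act on the value, which is the point Mike makes above.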

-----Original Message-----
From: Dick Hardt [mailto:dick.hardt@gmail.com] 
Sent: Wednesday, April 03, 2013 9:29 PM
To: jose issue tracker
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; Mike Jones; rlb@ipv.sx; jose@ietf.org
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Actually, Mike was suggesting that the issue be moved to the JWT WG. 

I'll settle with the JWE spec pointing to an IANA registry. Speaking as an implementer, if there is a list of reserved names in the spec, I'm likely to think that is all of them.

I'm a little unsettled that no one else has had any feedback on having 'aud' and 'iss' in the JWE header. Is my implementation the only one that has that requirement?

-- Dick

On Apr 3, 2013, at 8:57 PM, "jose issue tracker" <trac+jose@trac.tools.ietf.org> wrote:

> #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> 
> Comment (by rlb@ipv.sx):
> 
> I agree with Mike that these don't really belong in the core JWE/JWS 
> specs.
> 
> I would suggest we address this issue more generally, by creating an 
> IANA registry of reserved parameter names, with a fairly liberal 
> inclusion policy.  That registry could have a field to indicate 
> whether JOSE implementations are REQUIRED to support a given parameter 
> (MTI parameters).  (Note that this is different from whether a JOSE 
> object is REQUIRED to contain a parameter.)  Perhaps we could have 
> optional parameters under a fairly liberal policy (e.g., Specification 
> Required), with a higher bar for MTI parameters (e.g., Standards Action).
> 
> If we set up the registry in this way, then Dick could write a short 
> Informational document that would register these fields.
> 
> --
> -------------------------------------+-----------------------------------------------------------
>  Reporter:  dick.hardt@gmail.com    |       Owner:  draft-ietf-jose-json-web-encryption@tools.ietf.org
>      Type:  enhancement             |      Status:  new
>  Priority:  major                   |   Milestone:
> Component:  json-web-encryption     |     Version:
>  Severity:  -                       |  Resolution:
>  Keywords:                          |
> -------------------------------------+-----------------------------------------------------------
> 
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/17#comment:2>
> jose <http://tools.ietf.org/jose/>
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose