Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
Mike Jones <Michael.Jones@microsoft.com> Thu, 04 April 2013 16:33 UTC
To: Dick Hardt <dick.hardt@gmail.com>

Responding to your "unsettled" remark, I suspect most people are fine with having the "aud" and "iss" be claims in the JWT where they normally are. Yes, you have to decrypt the token to get these claim values, but if you're going to use the token, you'll have to do that anyway.

I don't think it's clear to most people what problem is being solved by potentially these fields to be present in a different location. Without a compelling use case, this just seems like more to implement without a clear benefit of doing so.

-- Mike

-----Original Message-----
From: Dick Hardt [mailto:dick.hardt@gmail.com]
Sent: Wednesday, April 03, 2013 9:29 PM
To: jose issue tracker
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; Mike Jones; rlb@ipv.sx; jose@ietf.org
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Actually, Mike was suggesting that the issue be moved to the JWT WG.

I'll settle with the JWE spec pointing to an IANA registry. Speaking as an implementer, if there is a list of reserved names in the spec, I'm likely to think that is all of them.

I'm a little unsettled that no one else has had any feedback on having 'aud' and 'iss' in the JWE header. Is my implementation the only one that has that requirement?

-- Dick

On Apr 3, 2013, at 8:57 PM, "jose issue tracker" <trac+jose@trac.tools.ietf.org> wrote:

> #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
>
>
> Comment (by rlb@ipv.sx):
>
> I agree with Mike that these don't really belong in the core JWE/JWS
> specs.
>
> I would suggest we address this issue more generally, by creating an
> IANA registry of reserved parameter names, with a fairly liberal
> inclusion policy. That registry could have a field to indicate
> whether JOSE implementations are REQUIRED to support a given parameter
> (MTI parameters). (Note that this is different from whether a JOSE
> object is REQUIRED to contain a parameter.) Perhaps we could have
> optional parameters under a fairly liberal policy (e.g., Specification
> Required), with a higher bar for MTI parameters (e.g., Standards Action).
>
> If we set up the registry in this way, then Dick could write a short
> Informational document that would register these fields.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |       Owner:  draft-ietf-jose-json-web-
>   dick.hardt@gmail.com   |  encryption@tools.ietf.org
>      Type:  enhancement  |      Status:  new
>  Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>   encryption             |  Resolution:
>  Severity:  -            |
>  Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL:
> <http://trac.tools.ietf.org/wg/jose/trac/ticket/17#comment:2>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose