IETF Logo Mail Archive

Re: [jose] #161 Password Considerations - Proposed Text

Mike Jones <Michael.Jones@microsoft.com> Mon, 11 November 2013 16:34 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1160321E809C for <jose@ietfa.amsl.com>; Mon, 11 Nov 2013 08:34:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.457
X-Spam-Level:
X-Spam-Status: No, score=-3.457 tagged_above=-999 required=5 tests=[AWL=0.142, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NH8uUS22xzsX for <jose@ietfa.amsl.com>; Mon, 11 Nov 2013 08:34:43 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0205.outbound.protection.outlook.com [207.46.163.205]) by ietfa.amsl.com (Postfix) with ESMTP id 289E511E810D for <jose@ietf.org>; Mon, 11 Nov 2013 08:34:38 -0800 (PST)
Received: from BLUPR03CA034.namprd03.prod.outlook.com (10.141.30.27) by BLUPR03MB197.namprd03.prod.outlook.com (10.255.212.144) with Microsoft SMTP Server (TLS) id 15.0.815.6; Mon, 11 Nov 2013 16:34:33 +0000
Received: from BN1BFFO11FD014.protection.gbl (2a01:111:f400:7c10::189) by BLUPR03CA034.outlook.office365.com (2a01:111:e400:879::27) with Microsoft SMTP Server (TLS) id 15.0.815.6 via Frontend Transport; Mon, 11 Nov 2013 16:34:33 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD014.mail.protection.outlook.com (10.58.53.74) with Microsoft SMTP Server (TLS) id 15.0.815.5 via Frontend Transport; Mon, 11 Nov 2013 16:34:32 +0000
Received: from TK5EX14MBXC287.redmond.corp.microsoft.com ([169.254.2.85]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.03.0158.002; Mon, 11 Nov 2013 16:33:53 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
Thread-Topic: [jose] #161 Password Considerations - Proposed Text
Thread-Index: AQHO29kIuC8a6g8Ca0y/o7d69v5ORZoaZcIAgAGng5CAAyXIoIAAJgIAgAAkjnCAAL64gIAAA3wQ
Date: Mon, 11 Nov 2013 16:33:52 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394377E76241@TK5EX14MBXC287.redmond.corp.microsoft.com>
References: <4E5336EC-417E-45A8-9F58-952BBA668C25@cisco.com> <255B9BB34FB7D647A506DC292726F6E11536158D20@WSMSG3153V.srv.dir.telstra.com> <4E1F6AAD24975D4BA5B168042967394377E734AE@TK5EX14MBXC287.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E115362B7ADA@WSMSG3153V.srv.dir.telstra.com> <0a1001cede88$62aff3e0$280fdba0$@augustcellars.com> <4E1F6AAD24975D4BA5B168042967394377E751AD@TK5EX14MBXC287.redmond.corp.microsoft.com> <15B79C56-3C43-4F25-A8A7-2EB015D7B7B2@cisco.com>
In-Reply-To: <15B79C56-3C43-4F25-A8A7-2EB015D7B7B2@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.37]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(51704005)(189002)(199002)(377454003)(13464003)(164054003)(24454002)(44976005)(81542001)(81816001)(551544002)(53806001)(51856001)(80022001)(66066001)(69226001)(83072001)(47776003)(20776003)(63696002)(2656002)(19580405001)(56776001)(83322001)(87266001)(19580395003)(74876001)(54356001)(50466002)(46102001)(80976001)(87936001)(76796001)(6806004)(76786001)(85306002)(65816001)(74366001)(33656001)(79102001)(81686001)(4396001)(76482001)(47736001)(77096001)(31966008)(74706001)(59766001)(77982001)(74662001)(47446002)(74502001)(23726002)(55846006)(49866001)(54316002)(81342001)(46406003)(56816003)(50986001)(15975445006)(47976001); DIR:OUT; SFP:; SCL:1; SRVR:BLUPR03MB197; H:mail.microsoft.com; CLIP:131.107.125.37; FPR:; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0027ED21E7
X-OriginatorOrg: microsoft.com
Cc: Jim Schaad <ietf@augustcellars.com>, "Manger, James H" <James.H.Manger@team.telstra.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #161 Password Considerations - Proposed Text
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2013 16:34:50 -0000

So it sounds like these won't complete anytime soon, in other words. :-/

-----Original Message-----
From: Matt Miller (mamille2) [mailto:mamille2@cisco.com] 
Sent: Monday, November 11, 2013 8:21 AM
To: Mike Jones
Cc: Jim Schaad; Manger, James H; jose@ietf.org
Subject: Re: [jose] #161 Password Considerations - Proposed Text

The document draft-ietf-precis-saslprepbis competed a WG LC a few weeks ago, but went through a fair amount of changes recently.  A discussion with some Kitten WG folk is pending to make sure their concerns are addressed.  It might go through another WG LC.  The foundational documents for PRECIS (draft-ietf-precis-framework and draft-ietf-precis-mappings) completed WG LC; the consensus was that precis-framework is ready for IETF LC, but precis-mapping might not be (each has a normative reference to the other, and saslprepbis has a normative reference to precis-framework).


- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.

On Nov 10, 2013, at 9:00 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> I'm OK with the MUST.  But can anyone give us a status update on draft-ietf-precis-saslprepbis?  It doesn't appear to be in the RFC Editor queue.  I'm worried that if we make a normative reference, JWA will be held up in the RFC editor queue for on reference, just like draft-ietf-appsawg-acct-uri is currently held up in the RFC Editor queue on a reference to draft-ietf-precis-framework, which has not yet been received by the RFC Editor.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: Jim Schaad [mailto:ietf@augustcellars.com]
> Sent: Sunday, November 10, 2013 6:48 PM
> To: 'Manger, James H'; Mike Jones; 'Matt Miller (mamille2)'; 
> jose@ietf.org
> Subject: RE: [jose] #161 Password Considerations - Proposed Text
> 
> 
> 
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf 
>> Of Manger, James H
>> Sent: Sunday, November 10, 2013 4:36 PM
>> To: Mike Jones; Matt Miller (mamille2); <jose@ietf.org>
>> Subject: Re: [jose] #161 Password Considerations - Proposed Text
>> 
>>> ----------
>>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
>>> 
>>> I believe that the following text addresses the encoding issue that 
>>> James raised:
>>> 
>>> 	  The PBES2 password input is an octet sequence;
>>> 	  if the password to be used is represented as a text string
>>> 	  rather than an octet sequence, the UTF-8 encoding of the text
> string
>>> 	  SHOULD be used as the octet sequence.
>>> 
>>> If you'd like to see any changes made to it, please propose specific 
>>> edits.
>>> 
>>> (The SASLPREP text is already present in the Internationalization 
>>> Considerations section.)
>>> 
>>> 				Thanks,
>>> 				-- Mike
>> 
>> 
>> At least change SHOULD to MUST.
> 
> If it is not changed then there needs to be a lot of description about why this is not a MUST.  If this is the case then it would be logical that two different implementations could do different decisions and never interoperate.
> 
> I would say that we should make a normative reference to the draft-melnikov-precis-saslprepbis as well.  If not then we will probably get hit by the ADs.
> 
> Jim
> 
>> 
>> --
>> James Manger
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email