IETF Logo Mail Archive

Re: [jose] Header criticality -- hidden consensus?

Brian Campbell <bcampbell@pingidentity.com> Fri, 08 February 2013 23:48 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A88BE21F8BF8 for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:48:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.917
X-Spam-Level:
X-Spam-Status: No, score=-5.917 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YurJaZfiYIbq for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:48:48 -0800 (PST)
Received: from na3sys009aog131.obsmtp.com (na3sys009aog131.obsmtp.com [74.125.149.247]) by ietfa.amsl.com (Postfix) with ESMTP id C301221F8BF6 for <jose@ietf.org>; Fri, 8 Feb 2013 15:48:47 -0800 (PST)
Received: from mail-ie0-f200.google.com ([209.85.223.200]) (using TLSv1) by na3sys009aob131.postini.com ([74.125.148.12]) with SMTP ID DSNKURWO3zptJsbjM1w5J/IiF5mIFSXpYlSA@postini.com; Fri, 08 Feb 2013 15:48:47 PST
Received: by mail-ie0-f200.google.com with SMTP id c11so18805438ieb.3 for <jose@ietf.org>; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:x-received:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=zl6k+LpU+h5zhED1qHhvJ8qChG/uhxJL4zvSyp82sV8=; b=XixZylJpvy6aB+8jJClaQ1CfYUD+mW0palyCeApeW1y92a/2hkZCMLmSGBCHnhEfZ4 SQmYtIPREzUYabz6FPPv7CsDKw9Eucy0UhtPXT+hUrTXT93oUxF3l3dzsc/h+2867ko/ dY7dVVWskHlosgwFQhgDuCX3X1NGqSYIDAkW/T47j9dyCoXLI3qJiCQvy0tjCzT7XGwl /NEdtTSbyey31Zehzt42e9P97pEY3foXr6KEgvy2TJAfopg0dhvnckLJv80huXUmJ9to Nr9Rp4oTnjtjkk734MYakWhaJBK9Gr3vUOUOI6KGdkYNRHUII1pRKnI2lFWiFGP/3toW /PPw==
X-Received: by 10.50.169.106 with SMTP id ad10mr6154889igc.88.1360367327351; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
X-Received: by 10.50.169.106 with SMTP id ad10mr6154878igc.88.1360367327188; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.139.8 with HTTP; Fri, 8 Feb 2013 15:48:17 -0800 (PST)
In-Reply-To: <CAL02cgRcHcZBd6dt2vLFfByCRKxTMqhzf2FyMety0qcsg2c+Lw@mail.gmail.com>
References: <CAL02cgRxeS-DomWzVBmoqzps57jgvrUSLn5nrFtqcrTD1wQa=g@mail.gmail.com> <CA+k3eCSbtSTT55J=jOhEQBTDeyu7TM35F_tswt-bKAdd4-VkJw@mail.gmail.com> <CAL02cgRcHcZBd6dt2vLFfByCRKxTMqhzf2FyMety0qcsg2c+Lw@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 08 Feb 2013 16:48:17 -0700
Message-ID: <CA+k3eCSpWMvhLRCurSh0hC4kUfwJ6ZDzih88mgJsusZDe9j1MQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary="e89a8f2346bb4d177904d53f331a"
X-Gm-Message-State: ALoCoQkh0RO00ekuiA6jYGWybkVwYkt8ceMifleVPnwrMiTLaUjzI33CuaeLsBuUAELGLtbbdYt/y4oC9h9wetbi5LZBxfi4tH+xXAVMxaLLbfwtGUdZVpj8XbLxSJwXmq1kMOytnkEk
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 23:48:48 -0000

Narrows the gap by 1...


On Fri, Feb 8, 2013 at 4:46 PM, Richard Barnes <rlb@ipv.sx> wrote:

> Sorry about that!  But you're in the "No" camp anyway, so it doesn't
> really change the outcome here.
>
>
> On Fri, Feb 8, 2013 at 6:34 PM, Brian Campbell <bcampbell@pingidentity.com
> > wrote:
>
>> FWIW, I didn't see my name on the tabulation but I did 'vote'
>> http://www.ietf.org/mail-archive/web/jose/current/msg01461.html
>>
>>
>> On Fri, Feb 8, 2013 at 4:11 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>
>>> We're 24 votes into the header criticality poll, so I thought I would go
>>> ahead and take a look at how the results are shaping up.  My initial
>>> tabulation is below.  The result on the FIRST POLL (the main one) is as
>>> follows:
>>>
>>> No: 10
>>> Yes: 14
>>>
>>> What I find striking, however, is that every single person that voted
>>> "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL.  So nobody who
>>> thinks that all headers should be critical thinks that a JOSE library
>>> should actually be required to enforce this constraint.  And that means
>>> that enforcing that all headers are supported cannot be a MUST according to
>>> RFC 2119.
>>>
>>> So I wonder if there's consensus to remove the following text from JWE
>>> and JWS:
>>> -----BEGIN-JWE-----
>>>    4.   The resulting JWE Header MUST be validated to only include
>>>         parameters and values whose syntax and semantics are both
>>>         understood and supported.
>>> -----END-JWE-----
>>> -----BEGIN-JWS-----
>>>    4.  The resulting JWS Header MUST be validated to only include
>>>        parameters and values whose syntax and semantics are both
>>>        understood and supported.
>>> -----END-JWS-----
>>>
>>> Otherewise, a JOSE library conforming to these specifications would be
>>> REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains an
>>> unknown header, contradicting all those "Yes" votes on the SECOND POLL.
>>>
>>> --Richard
>>>
>>>
>>>
>>> -----BEGIN-Tabulation-----
>>> 1       2       3    Name:
>>> N       -       -    Bradley
>>> N       -       -    Ito
>>> N       N       A    Yee
>>> N       N       B    Barnes
>>> N       N       B    Rescorla
>>> N       N       C    Manger
>>> N       N       C    Octman
>>> N       Y       A    Fletcher
>>> N       Y       A    Miller
>>> N       Y       A    Sakimura
>>> Y       Y       -    D'Agostino
>>> Y       Y       A    Biering
>>> Y       Y       A    Brault
>>> Y       Y       A    Hedberg
>>> Y       Y       A    Jay
>>> Y       Y       A    Jones
>>> Y       Y       A    Marais
>>> Y       Y       A    Nadalin
>>> Y       Y       A    Nara
>>> Y       Y       A    Nennker
>>> Y       Y       A    Solberg
>>> Y       Y       B    Hardt
>>> Y       Y       B    Medeiros
>>> Y       Y       C    Matake
>>> Y       Y       C    Mishra
>>> -----END-Tabulation-----
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email