Re: [jose] Header criticality -- hidden consensus?
Brian Campbell <bcampbell@pingidentity.com> Fri, 08 February 2013 23:48 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A88BE21F8BF8 for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:48:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.917
X-Spam-Level:
X-Spam-Status: No, score=-5.917 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YurJaZfiYIbq for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 15:48:48 -0800 (PST)
Received: from na3sys009aog131.obsmtp.com (na3sys009aog131.obsmtp.com [74.125.149.247]) by ietfa.amsl.com (Postfix) with ESMTP id C301221F8BF6 for <jose@ietf.org>; Fri, 8 Feb 2013 15:48:47 -0800 (PST)
Received: from mail-ie0-f200.google.com ([209.85.223.200]) (using TLSv1) by na3sys009aob131.postini.com ([74.125.148.12]) with SMTP ID DSNKURWO3zptJsbjM1w5J/IiF5mIFSXpYlSA@postini.com; Fri, 08 Feb 2013 15:48:47 PST
Received: by mail-ie0-f200.google.com with SMTP id c11so18805438ieb.3 for <jose@ietf.org>; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:x-received:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=zl6k+LpU+h5zhED1qHhvJ8qChG/uhxJL4zvSyp82sV8=; b=XixZylJpvy6aB+8jJClaQ1CfYUD+mW0palyCeApeW1y92a/2hkZCMLmSGBCHnhEfZ4 SQmYtIPREzUYabz6FPPv7CsDKw9Eucy0UhtPXT+hUrTXT93oUxF3l3dzsc/h+2867ko/ dY7dVVWskHlosgwFQhgDuCX3X1NGqSYIDAkW/T47j9dyCoXLI3qJiCQvy0tjCzT7XGwl /NEdtTSbyey31Zehzt42e9P97pEY3foXr6KEgvy2TJAfopg0dhvnckLJv80huXUmJ9to Nr9Rp4oTnjtjkk734MYakWhaJBK9Gr3vUOUOI6KGdkYNRHUII1pRKnI2lFWiFGP/3toW /PPw==
X-Received: by 10.50.169.106 with SMTP id ad10mr6154889igc.88.1360367327351; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
X-Received: by 10.50.169.106 with SMTP id ad10mr6154878igc.88.1360367327188; Fri, 08 Feb 2013 15:48:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.139.8 with HTTP; Fri, 8 Feb 2013 15:48:17 -0800 (PST)
In-Reply-To: <CAL02cgRcHcZBd6dt2vLFfByCRKxTMqhzf2FyMety0qcsg2c+Lw@mail.gmail.com>
References: <CAL02cgRxeS-DomWzVBmoqzps57jgvrUSLn5nrFtqcrTD1wQa=g@mail.gmail.com> <CA+k3eCSbtSTT55J=jOhEQBTDeyu7TM35F_tswt-bKAdd4-VkJw@mail.gmail.com> <CAL02cgRcHcZBd6dt2vLFfByCRKxTMqhzf2FyMety0qcsg2c+Lw@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 08 Feb 2013 16:48:17 -0700
Message-ID: <CA+k3eCSpWMvhLRCurSh0hC4kUfwJ6ZDzih88mgJsusZDe9j1MQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary="e89a8f2346bb4d177904d53f331a"
X-Gm-Message-State: ALoCoQkh0RO00ekuiA6jYGWybkVwYkt8ceMifleVPnwrMiTLaUjzI33CuaeLsBuUAELGLtbbdYt/y4oC9h9wetbi5LZBxfi4tH+xXAVMxaLLbfwtGUdZVpj8XbLxSJwXmq1kMOytnkEk
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 23:48:48 -0000
Narrows the gap by 1... On Fri, Feb 8, 2013 at 4:46 PM, Richard Barnes <rlb@ipv.sx> wrote: > Sorry about that! But you're in the "No" camp anyway, so it doesn't > really change the outcome here. > > > On Fri, Feb 8, 2013 at 6:34 PM, Brian Campbell <bcampbell@pingidentity.com > > wrote: > >> FWIW, I didn't see my name on the tabulation but I did 'vote' >> http://www.ietf.org/mail-archive/web/jose/current/msg01461.html >> >> >> On Fri, Feb 8, 2013 at 4:11 PM, Richard Barnes <rlb@ipv.sx> wrote: >> >>> We're 24 votes into the header criticality poll, so I thought I would go >>> ahead and take a look at how the results are shaping up. My initial >>> tabulation is below. The result on the FIRST POLL (the main one) is as >>> follows: >>> >>> No: 10 >>> Yes: 14 >>> >>> What I find striking, however, is that every single person that voted >>> "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody who >>> thinks that all headers should be critical thinks that a JOSE library >>> should actually be required to enforce this constraint. And that means >>> that enforcing that all headers are supported cannot be a MUST according to >>> RFC 2119. >>> >>> So I wonder if there's consensus to remove the following text from JWE >>> and JWS: >>> -----BEGIN-JWE----- >>> 4. The resulting JWE Header MUST be validated to only include >>> parameters and values whose syntax and semantics are both >>> understood and supported. >>> -----END-JWE----- >>> -----BEGIN-JWS----- >>> 4. The resulting JWS Header MUST be validated to only include >>> parameters and values whose syntax and semantics are both >>> understood and supported. >>> -----END-JWS----- >>> >>> Otherewise, a JOSE library conforming to these specifications would be >>> REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains an >>> unknown header, contradicting all those "Yes" votes on the SECOND POLL. >>> >>> --Richard >>> >>> >>> >>> -----BEGIN-Tabulation----- >>> 1 2 3 Name: >>> N - - Bradley >>> N - - Ito >>> N N A Yee >>> N N B Barnes >>> N N B Rescorla >>> N N C Manger >>> N N C Octman >>> N Y A Fletcher >>> N Y A Miller >>> N Y A Sakimura >>> Y Y - D'Agostino >>> Y Y A Biering >>> Y Y A Brault >>> Y Y A Hedberg >>> Y Y A Jay >>> Y Y A Jones >>> Y Y A Marais >>> Y Y A Nadalin >>> Y Y A Nara >>> Y Y A Nennker >>> Y Y A Solberg >>> Y Y B Hardt >>> Y Y B Medeiros >>> Y Y C Matake >>> Y Y C Mishra >>> -----END-Tabulation----- >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org >>> https://www.ietf.org/mailman/listinfo/jose >>> >>> >> >
- [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Header criticality -- hidden consensus? Hannes Tschofenig
- Re: [jose] Header criticality -- hidden consensus? Manger, James H
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS