[jose] JOSE -34 and JWT -28 drafts addressing IESG review comments
Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:40 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7CC91A879C for <jose@ietfa.amsl.com>; Tue, 14 Oct 2014 05:40:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id chY7FKdzCJED for <jose@ietfa.amsl.com>; Tue, 14 Oct 2014 05:40:16 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0708.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::708]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C20BA1A87A3 for <jose@ietf.org>; Tue, 14 Oct 2014 05:40:13 -0700 (PDT)
Received: from BN3PR0301CA0041.namprd03.prod.outlook.com (25.160.180.179) by DM2PR0301MB1214.namprd03.prod.outlook.com (25.160.219.155) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:39:50 +0000
Received: from BN1BFFO11FD046.protection.gbl (2a01:111:f400:7c10::1:133) by BN3PR0301CA0041.outlook.office365.com (2a01:111:e400:4000::51) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:39:49 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD046.mail.protection.outlook.com (10.58.145.1) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:39:49 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:39:17 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: JOSE -34 and JWT -28 drafts addressing IESG review comments
Thread-Index: Ac/nq9tUA/c8pqIbSdqFmKhSVvB8WA==
Date: Tue, 14 Oct 2014 12:39:16 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D090@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB0D090TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(189002)(199003)(54356999)(86612001)(80022003)(107886001)(2501002)(92726001)(120916001)(85806002)(4396001)(20776003)(87936001)(19300405004)(2656002)(19617315012)(33656002)(85852003)(64706001)(97736003)(19625215002)(66066001)(76482002)(104016003)(16297215004)(71186001)(15202345003)(110136001)(99396003)(81156004)(46102003)(26826002)(2351001)(107046002)(50986999)(92566001)(16236675004)(19580395003)(44976005)(6806004)(512954002)(68736004)(106466001)(21056001)(69596002)(84676001)(77096002)(84326002)(15975445006)(85306004)(86362001)(229853001)(95666004)(31966008)(55846006)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB1214; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB1214;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/QmTefJMcqmtQSESeZpTHUvun68M
Subject: [jose] JOSE -34 and JWT -28 drafts addressing IESG review comments
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:40:18 -0000
Updated JOSE and JWT specifications have been published that address the IESG review comments received. The one set of normative changes was to change the implementation requirements for RSAES-PKCS1-V1_5 from Required to Recommended- and for RSA-OAEP from Optional to Recommended+. Thanks to Richard Barnes, Alissa Cooper, Stephen Farrell, Brian Haberman, Ted Lemon, Barry Leiba, and Pete Resnick for their IESG review comments, plus thanks to Scott Brim and Russ Housley for additional Gen-ART review comments, and thanks to the working group members who helped respond to them. Many valuable clarifications resulted from your thorough reviews. The specifications are available at: * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-key-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-34 * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-28 HTML formatted versions are available at: * http://self-issued.info/docs/draft-ietf-jose-json-web-signature-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-key-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-34.html * http://self-issued.info/docs/draft-ietf-oauth-json-web-token-28.html -- Mike P.S. I also published this note at http://self-issued.info/?p=1291 and as @selfissued.