Re: [jose] JWS Unencoded Payload Option spec addressing WGLC comments
"Jim Schaad" <ietf@augustcellars.com> Sun, 18 October 2015 01:23 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: "'Manger, James'" <James.H.Manger@team.telstra.com>, 'Mike Jones' <Michael.Jones@microsoft.com>, jose@ietf.org
Date: Sat, 17 Oct 2015 18:20:51 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/Tfq7gRtAsOUt6pVHoCEARL0ECiQ>
James,

I have been thinking about what you are saying in your mail.

1. I agree with your question about doing an update to RFC 7515. It would be perfectly reasonable to mark this draft as doing an update because it is defining a new header that can be placed in a JWS message. It is probably not required but needs to be considered. It does not invalidate the 7515 version of JWS as being URL-safe. It would be recognized if you are doing this document that the safety would be different.

2. I think that there should be a recommendation that a "crit" parameter be stated as required (or at least strongly recommended) that lists the "b64" header parameter in it. At a minimum there should be a discussion about the use of the "crit" parameter in this context.

Jim

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Manger, James
Sent: Tuesday, October 13, 2015 7:55 PM
To: Mike Jones <Michael.Jones@microsoft.com>; jose@ietf.org
Subject: Re: [jose] JWS Unencoded Payload Option spec addressing WGLC comments

Shouldn't draft-ietf-jose-jws-signing-input-options update RFC 7515 "JWS"? That seems quite important as draft-ietf-jose-jws-signing-input-options changes the meaning of valid JWS messages (new "b64" field that cannot be ignored, but is not listed in "crit"), and allows a bunch of previously invalid chars in JWS Compact Serializations (invalidating the JWS definition of Compact Serialization as a "URL-safe string").

--
James Manger

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Wednesday, 14 October 2015 10:49 AM
To: jose@ietf.org
Subject: [jose] JWS Unencoded Payload Option spec addressing WGLC comments

Draft -03 of the JWS Unencoded Payload Option specification addresses the working group last call comments received. Thanks to Jim Schaad, Vladimir Dzhuvinov, John Bradley, and Nat Sakimura for the useful comments.

Changes were:

* Allowed the ASCII space character and all printable ASCII characters other than period ('.') in non-detached unencoded payloads using the JWS Compact Serialization.
* Updated the abstract to say that the spec updates RFC 7519.
* Removed unused references.
* Changed the change controller to IESG.

The specification is available at:

* https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-03

An HTML formatted version is also available at:

* http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-03.html

-- Mike

P.S. This note was also published at http://self-issued.info/?p=1465 and as @selfissued <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cmichael.jones%40microsoft.com%7c3a69db7b8b6c4d47da0f08d2937a3d82%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ggurSMkRVW%2bR8Nv93Mnbsf16CmVGqfjB9lW8SV5gAKM%3d>.
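
The following is an added example, not part of this thread or of the draft. It shows why the thread asks for "b64" to be listed in "crit": a verifier that predates "b64" accepts the signature but base64url-decodes the payload, while the RFC 7515 "crit" check makes it reject the message instead. It assumes the draft's signing input of BASE64URL(header) '.' payload when "b64" is false; the function names, key and payload are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed sample key
PAYLOAD = "dGVzdA"              # constructed unencoded payload (also valid base64url)

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_unencoded(key: bytes, payload: str, with_crit: bool) -> str:
    """Compact JWS (HS256) with "b64": false; the payload is signed as-is."""
    header = {"alg": "HS256", "b64": False}
    if with_crit:
        header["crit"] = ["b64"]
    h = b64u(json.dumps(header, separators=(",", ":")).encode())
    return f"{h}.{payload}.{b64u(mac(key, h + '.' + payload))}"

def verify(key: bytes, jws: str, understood: frozenset) -> bytes:
    """Verify and return the payload bytes the application would consume.
    `understood` is the set of extension header parameters implemented."""
    h, p, s = jws.split(".")
    header = json.loads(b64u_dec(h))
    # RFC 7515 "crit" rule: any listed parameter we do not implement is fatal.
    for name in header.get("crit", []):
        if name not in understood:
            raise ValueError(f"unsupported critical header parameter: {name}")
    # The signed bytes are the same string with or without "b64" support.
    if not hmac.compare_digest(mac(key, h + "." + p), b64u_dec(s)):
        raise ValueError("bad signature")
    if "b64" in understood and header.get("b64", True) is False:
        return p.encode("ascii")    # unencoded payload, used verbatim
    return b64u_dec(p)              # legacy behaviour: unknown header ignored

def legacy_rejects(jws: str) -> bool:
    try:
        verify(KEY, jws, frozenset())
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    no_crit = sign_unencoded(KEY, PAYLOAD, with_crit=False)
    print("b64-aware verifier:", verify(KEY, no_crit, frozenset({"b64"})))
    print("legacy verifier   :", verify(KEY, no_crit, frozenset()))
    print("legacy rejects crit form:",
          legacy_rejects(sign_unencoded(KEY, PAYLOAD, with_crit=True)))
```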